Passwords
Use this tab to define the password policy for IdentityIQ. All users must set their passwords according to the policy created on this tab.
Use the Define Character Types dialog to define custom sets of characters that are allowed in passwords. These can be used to match password requirements for specific application types. Click Define Character Types to open the dialog and enter character sets by category, such as Digits, Uppercase Characters, Lowercase or Non-English Characters, and Special Characters. All characters are allowed if these fields are empty.
Configuration
You must run the Encrypt Sensitive Data Task after selecting this option to convert any saved values from encrypted to hashed.
Note: When this option is selected, all values are hashed instead of encrypted.
These values include passwords, password history, and authentication questions. When this option is enabled, specific password policy options are disabled.
For more information, see Data Encryption.
The number of iterations performed in the hashing algorithm.
Password Policy
The minimum number of characters, letters, or digits required for a valid password.
The maximum number of characters, letters, or digits allowed in a valid password.
The minimum number of letters required for a valid password.
The minimum number of character types required for a valid password. Applicable character types are upper case, lower case, digits, and special characters. If no value is set, all of the character type constraints must be met.
The minimum number of digits required for a valid password.
The minimum number of uppercase letters required for a valid password.
The minimum number of lowercase letters required for a valid password.
The minimum number of special characters required.
The maximum number of consecutive repeated characters allowed in a valid password. For example, if this option is set to 2, "cloudd" and "cclooud" are valid, but "clouddd", "cloooud" and "cccloud" are invalid. This value also sets the maximum number of occurrences of repeated characters allowed in a valid password. For example, if this option is set to 2, "happy123" is valid; however, "happy22" and "happpy123" are not.
In this example, when the invalid password "cclooudd" is entered, the following error message is displayed: Password should not contain more than 2 occurrence(s) of the repeated characters. When the invalid password "clouddd" is entered, the following error message is displayed: Password should not contain more than 2 consecutive repeated characters.
Setting this value to zero has the same effect as leaving this field blank, allowing any number of repeated and consecutive characters.
To prevent the use of any consecutive repeated characters, set this value to 1. Setting the value to 1 does not prevent using a character more than once, as long as the characters are not consecutive. For example, with a value of 1, "kitkat" is valid but "kitten" is not.
The number of previous passwords stored by IdentityIQ.
This number includes the current password, so if the length is two, the history is the current password and one other. If the length is set to zero, there is no history.
Ensure that the shorter of the old and new password is not a substring of the other.
Both passwords are changed to upper case prior to the check.
The minimum number of unique characters by position for the new password. This can be used to ensure that not just the first or last character is changed.
Select Case sensitive check to ensure that more than just the case is changing in the new password.
The number of days until a password set manually expires.
If the number of days is zero, passwords do not expire.
The number of days until a password set by the identity create rule during aggregation expires.
If the number of days is zero, passwords do not expire.
The minimum number of hours that must pass before a user's password can be changed again.
Ensures that the password to be created is unique.
Check the new password for validity against the attributes assigned to the identity.
Require users to enter their current password before creating a new password.