Re-Encrypt Passwords

The new encryption key is used for newly encrypted passwords. However, because existing passwords can still be decrypted using the default method on any system, you must re-encrypt existing passwords. To re-encrypt existing passwords, create a new Encrypted Data Synchronization Task in IdentityIQ.

  1. From the Navigation menu bar, select Intelligence > Tasks.

  2. From the New Task dropdown list, select Encrypted Data Synchronization Task.

  3. Enter a name for the new task.

  4. OPTIONAL: If needed, you can exclude types such as applications, identities or integration configurations from processing.

  5. Select Save and Execute to run the task immediately.

After the task has completed, all selected encrypted data is changed. A password encrypted with the default key is prefixed with 1. Items encrypted with the new encryption key are prefixed with 2, or with another number if multiple encryption keys are stored.

For example, when you look up the Administrator's password in the console, the display is similar to the following:

> search identity password where name admin
2:WpTZ2hmNaInTAJzeK9Swcw==
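
One way to confirm that nothing is left on the default key after the task has run is to check the key-number prefix of each stored value. This is an added example, not part of the IdentityIQ documentation: the function names are hypothetical, the sample records are constructed (only the admin value comes from the output above), and it assumes you have already collected name/value pairs and that the part after the colon is Base64, as in that output.

```python
import base64
import re
from collections import Counter

# Format shown above: "<key number>:<ciphertext>" (Base64 is an assumption)
ENCRYPTED = re.compile(r"^(\d+):([A-Za-z0-9+/]+={0,2})$")
DEFAULT_KEY = 1  # per the text above, prefix 1 means the default key


def classify(value):
    """Return (status, key number) where status is default, custom or unrecognized."""
    m = ENCRYPTED.match(value.strip())
    if not m:
        return "unrecognized", None
    try:
        # Reject values that merely look prefixed but are not valid Base64
        base64.b64decode(m.group(2), validate=True)
    except ValueError:
        return "unrecognized", None
    key = int(m.group(1))
    return ("default" if key == DEFAULT_KEY else "custom"), key


def audit(records):
    """records: iterable of (object name, stored value).
    Returns (counts per status, names still encrypted with the default key)."""
    counts = Counter()
    stale = []
    for name, value in records:
        status, _ = classify(value)
        counts[status] += 1
        if status == "default":
            stale.append(name)
    return counts, stale


# Constructed sample data; only the admin value is taken from the page.
SAMPLE = [
    ("admin", "2:WpTZ2hmNaInTAJzeK9Swcw=="),
    ("svc-example", "1:AQIDBAUGBwgJCgsMDQ4PEA=="),
    ("app-example", "3:EA8ODQwLCgkIBwYFBAMCAQ=="),
    ("legacy-example", "not-an-encrypted-value"),
]

if __name__ == "__main__":
    counts, stale = audit(SAMPLE)
    print(dict(counts))
    print("still on default key:", stale)
```

Any name reported as still on the default key belongs to a type that was excluded in step 4 or was not processed by the task.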