Password Management

Use

Users require a password to be able to log on with user ID and password. As administrator you need to define or generate an initial password for newly created users. If users forget their passwords, you can also define or generate a new password for them. You can provide a link on the logon screen where users can reset their passwords themselves. If you enable self-management, users can view their profile and change their own passwords.

You can also disable a user’s password. A user with a disabled password cannot log on with a password, but can still log on under certain circumstances.

Prerequisites

If you want to change a user’s password or automatically generate a user’s password, you must enable e-mail notification, otherwise the system cannot notify users about their new password. See Configuring E-Mail Notification.

Features

This section describes the feature of password management.

Security Policy

The security policy defines the password rules. For example, you can define how long until a password expires or how many digits a password must contain. For more information, see Configuring the Security Policy for User ID and Passwords.

Defining Initial Passwords or Changing Passwords

You have the following options for defining initial passwords for new users, or changing an existing user’s password:

Caution

When defining or changing passwords, note the following:

If you change the password for the default administrator user, you must also update the password for this user in the secure storage of the AS Java. For more information, see Modifying the Default Administrator User.

You must enable e-mail notification for when you define or change passwords, otherwise the system cannot notify users of their new password.

E-Mail notification sends the logon passwords in plain text.

· Define a user’s password in the user details view

The user receives a notification e-mail containing the new password and is prompted to change his or her password the next time he or she logs on.

· Generate a password for the user in the Details view for the user or for one or more user in the Search view.

The system automatically generates a new password for the user. The user receives a notification e-mail containing the new password and is prompted to change his or her password the next time he or she logs on.

Update the user with the import function

Include the password attribute with a new password in the import. The user receives a notification e-mail containing the new password and is prompted to change his or her password the next time he or she logs on.

Help for Forgotten Passwords

Users inevitably forget their passwords. You can enable users to reset their passwords themselves, by configuring a link for logon help on the Welcome screen. Users enter their logon ID and other data.

If the user enters all this information correctly, the UME generates a new password according to the security policy and e-mails it to the user.

If the user enters the information incorrectly, an error message appears and the user must contact the administrator directly.

For more information, see Enabling Users to Reset Their Own Password.

Disabling Passwords

You can disable a user’s password. The user can no longer log on using a password, but only with Single Sign-On variants (X.509 certificate, logon ticket). This is useful if you do not require password-based logon. Your users logon in other ways, such as using client certificates. In this case, deactivating the password increases security, as passwords that are not used are often still initial. Initial passwords are often well-known or were sent to the user in an e-mail, unencrypted.

Depending on the security policy settings, the UME can lock a password after too many failed logon attempts.

Self-Management

If you want users to manage their own passwords, assign the action UME.Manage_My_Password to a role assigned to the everyone group. If you enable users to manage their own profiles, this action is not necessary. See also User Profile. This function requires you to set the indicator Allow Users to Change Their Own Passwords in the security policy settings.

Activities

Activity

How to Perform the Activity

Define an initial password for a user

...

1. Search for the user.

2. In the search results list, select the user.

The user details view appears.

3. In the Details view, choose Modify.

4. On the General Information tab, select Define Initial Password.

5. Enter the new password in the Define Password field and reenter it in the Confirm Password field.

6. Choose Save.

The system sends the user a notification e-mail containing the new password and prompts him or her to change this password the next time he or she logs on.

Generate a new password for a user

...

1. Search for the user.

2. In the search results list, select the user.

3. Choose Generate New Password.

The system sends the user a notification e-mail containing the new password and prompts him or her to change this password the next time he or she logs on.

Disable a user’s password

...

1. Search for the user.

2. In the search results list, select the user.

The user details view appears.

3. In the user details view, choose Modify.

4. On the General Information tab, select Disable Password.

5. Choose Save.

End of Content Area

No comments:

topics