IBM Security Verify

 View Only

  • 1.  [IGI 5.2.5] Process Designer - Reset Password Configuration

    Posted Tue August 13, 2019 10:21 AM
    Edited by Thierry Tue August 13, 2019 10:58 AM

    Hello,

    Use case: Password reset by helpdesk team without knowledge of the new password.

    Version: IGI 5.2.5 / IGI 5.2.5.1

    While trying to configure a reset password process in the process designer, we have an unexpected behavior with the following configuration : "Change password mode: Created by system."

    We are expecting to have a password generated according to the application password policy that can't be changed and not visible by the operator but it's in clear text.


    Are we missing a configuration option or is it a missing feature that should be named "created by system with no show/hide option"?

    Moreover, during the change password operation, the actor can select multiple accounts but only one password policy seems to be used. What happens when we have specific password policies for each application?

    Thank you for your help!



    ------------------------------
    Thierry
    ------------------------------


  • 2.  RE: [IGI 5.2.5] Process Designer - Reset Password Configuration
    Best Answer

    Posted Wed August 14, 2019 03:40 AM
    Edited by Thierry Tue September 10, 2019 05:05 AM
    Hi Thierry,

    Here's a screenshot of the training module looking at how to setup a helpdesk password reset workflow.


    If it's not working as expected, you may need to raise a ticket with support.

    As to your second question, I'm not sure how it decides which policy to use. If you have wildly different policies, you should look at password groups where you associate sets of accounts with different groups with different policies.


    ------------------------------
    David Edwards,
    WW Tech Enablement SME for IGA and PAM Products
    IBM Security
    ------------------------------

    Original Message


  • 3.  RE: [IGI 5.2.5] Process Designer - Reset Password Configuration

    Posted Tue September 10, 2019 05:05 AM
    Hi,

    Sorry for the late answer, we managed to find an answer from IBM PS and raised a ticket to the support.
    It seems like we weren't the only one asking for this feature, as from my understanding, it should be available in the next fix pack.

    APAR reference for those interested:

    IJ18222: UNABLE TO HAVE HIDDEN AND UNCHANGEABLE PASSWORD WHEN THE PASSWORD IS GENERATED BY SYSTEM

    https://www-01.ibm.com/support/entdocview.wss?uid=swg1IJ18222&myns=swgother&mynp=OCSSGHJR&mync=E&cm_sp=swgother-_-OCSSGHJR-_-E

    ------------------------------
    Thierry
    ------------------------------

    Original Message