IBM Security Verify

 View Only
Expand all | Collapse all

Ibm security identity manager - v7.0..0

  • 1.  Ibm security identity manager - v7.0..0

    Posted Wed November 25, 2020 11:33 AM

    How can we configure maximum password age in isim password policy ?

    For minimum password age I referred : https://www.ibm.com/support/knowledgecenter/SSRMWJ_6.0.0.22/com.ibm.isim.doc/admin/cpt/cpt_ic_admin_pwdrules_add_cust_min_pwd_age.html

    Do we have similar article for maximum password age ?



    ------------------------------
    Pradhan Rishi Sharma
    ------------------------------


  • 2.  RE: Ibm security identity manager - v7.0..0

    Posted Wed November 25, 2020 11:46 AM
    Hi Pradhan...

    I responded to your other post for the same question...but will here as well:

    Hi Pradhan... 

    If you're just talking ISIM Accounts, then this would be set in Set System Security > Set Security Properties...in the "Identity account password expiration period in days" field.   As for other Accounts, the Password Rules are only checked with changing passwords for Accounts (so wouldn't not be something that's regularly evaluated to see if other Accounts need password changed).  For something like that, you'd typically configure a Lifecycle Rule (LCR).  This would be for whichever Account Type(s) you're interested in and would typically filter on the "erPswLastChanged" attribute.  This would then invoke whatever Operation you've configured to alert the User they need to change their password for the affected Accounts.

    The filter for the LCR might look something like this for accounts that need to change their passwords every 90 days:

    (erPswdLastChanged>=${system.date - 90})​

    Of course you might want to have multiple LCRs to invoke alert/reminder notifications for users that their password expiration is getting near (like at 70 and/or 80 days).

    There's actually an example similar to the above here:  https://www.ibm.com/support/knowledgecenter/SSRMWJ_6.0.2/com.ibm.isim.doc/configuring/cpt/cpt_ic_lifecycle_filter_sched.html

    ------------------------------
    Grey Thrasher
    IBM
    ------------------------------