SecureLogin provides password policy functionality to enable you to efficiently and effectively manage user passwords, in order to comply with your organization's security policies. You can create password policies at the container, OU, Group Policy, and user object level. Policies set at the container or organizational unit level are inherited by all associated directory objects. Password policies set at the user object level override all higher-level policies. Password policies are linked to application definitions through scripting and are not applied to directory objects. You can do this by creating a password policy in the pane and then linking the policy to the application definition using the RestrictVariable command. However, the application definition is applied at the directory object.
Password policies are comprised of one or more password rules applicable to one or more single sign-on enabled applications and to specific directory objects. You can configure password policies in the of the Administrative Management utility, the iManager single sign-on plug-in, or the Group Policy plug-in.
SecureLogin remembers the passwords and can also handle password changes after they expire on the back-end application, for example, after 30 days or when users decide to change their password. The SecureLogin password management functionality includes the capability to set password expiry duration and generate passwords that comply with specified password policies.
NOTE:You can configure password change events by using SecureLogin’s wizards or through the application definition editor.
Password policies are typically created to match existing password policies. You should consult application owners before changing an existing password policy.
To determine the requirements and parameters of the password policy and the applications the password policy applies to, we recommend that you test complex policies on a test user account to ensure that they are viable.