Apply a Password Policy to a Set of Users

If Identity Manager integrates with SiteMinder for advanced password policies, you can specify rules that determine the set of users to which a password policy applies. This allows you to have one password policy for general employees, and a stricter policy for high-level managers.

To specify a rule for a password policy

  1. Create or modify a password policy in the User Console.
  2. Select the type of filter to configure in the Directory Filter field.

    See the following table for a description of each filter type.

    Note: The options for filter type that appear in the Directory Filter list box are determined by the type of user store to which the password policy applies. Some filter types are not available for relational databases and eTrust Directory user stores.

  3. Specify a condition by selecting an attribute and operator, and entering a value.
  4. To add additional conditions, click the plus sign.

The following table describes the options for directory filter types, and provides examples of each filter type.

| Type of Filter | Use this filter to... | Example |
|---|---|---|
| Entire Directory | Apply a password policy to all users in a user store. | N/A |
| In a group | Search for a specific group. | Name=Product Team |
| A user | Search for and select a single user. | User ID=jsmith |
| User filter (Not available for relational databases) | Specify a filter for users. | Employee Type = Contractor |
| User Search Expression | Enter a search query for users. Note: See the CA SiteMinder Web Access Manager Policy Server Configuration Guide for information about the LDAP search expression. | uid=*smith |
| Group Filter (Not available for relational databases and Provisioning Server user stores) | Specify a filter for groups. | Self Subscribing = * |
| Group Search Expression (Not available for Provisioning Server user stores) | Enter a search query for groups. Note: See the CA SiteMinder Web Access Manager Policy Server Configuration Guide for information about the LDAP search expression. | cn=Sales* |
| Organization Filter (Not available for relational databases and Provisioning Server user stores) | Specify a filter for organizations. Note: See the CA SiteMinder Web Access Manager Policy Server Configuration Guide for information about the LDAP search expression. | Organization name = *Marketing |
| Organization Search Expression (Not available for relational databases and Provisioning Server user stores) | Enter a search query for organizations. Note: See the CA SiteMinder Web Access Manager Policy Server Configuration Guide for information about the LDAP search expression. | ou=Boston |
| Search | Specify a query that is not included in the other options for filter type. Note: See the CA SiteMinder Web Access Manager Policy Server Configuration Guide for information about the LDAP search expression. | (&(uid=*smith)(ou=Boston)) |
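Before attaching a stricter policy to a search expression such as the ones in the table, it helps to preview which accounts the expression selects. The following is an added example, not CA product code: a small evaluator for a subset of LDAP filter syntax (`&`, `|`, `!`, `attr=value` with `*` wildcards, no escape sequences) run over constructed sample entries. It assumes standard LDAP filter semantics with case-insensitive matching; `ENTRIES`, `parse`, `matches` and `in_scope` are hypothetical names.

```python
import re

# Constructed sample entries (not from the page); attribute names are lowercase.
ENTRIES = [
    {"uid": ["jsmith"], "ou": ["Boston"]},
    {"uid": ["asmith"], "ou": ["Chicago"]},
    {"uid": ["blacksmith"], "ou": ["Boston"]},
    {"uid": ["smithj"], "ou": ["Boston"]},
    {"uid": ["mjones"], "ou": ["Boston"]},
]

def _parse_at(s, i):
    """Parse one parenthesised filter starting at s[i]; return (node, next index)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = _parse_at(s, i)
            kids.append(kid)
        if s[i] != ")" or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter near offset {i}")
        return (op, kids), i + 1
    end = s.index(")", i)
    attr, sep, value = s[i:end].partition("=")
    if not sep or not attr.strip():
        raise ValueError(f"expected attr=value near offset {i}")
    return ("=", attr.strip().lower(), value.strip().lower()), end + 1

def parse(expr):
    """Parse a search expression; bare forms such as uid=*smith are wrapped in ()."""
    s = expr.strip()
    s = s if s.startswith("(") else f"({s})"
    try:
        node, pos = _parse_at(s, 0)
    except IndexError:
        raise ValueError("unbalanced parentheses") from None
    if pos != len(s):
        raise ValueError("trailing characters after filter")
    return node

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive, * = wildcard)."""
    if node[0] == "=":
        rx = re.compile(".*".join(re.escape(p) for p in node[2].split("*")))
        return any(rx.fullmatch(v.lower()) for v in entry.get(node[1], []))
    results = [matches(kid, entry) for kid in node[1]]
    return not results[0] if node[0] == "!" else {"&": all, "|": any}[node[0]](results)

def in_scope(expr, entries=ENTRIES):
    """Return the uids a policy with this search expression would apply to."""
    tree = parse(expr)
    return [e["uid"][0] for e in entries if matches(tree, e)]
```

With the sample data, `uid=*smith` also selects `blacksmith` and misses `smithj`, which is the kind of over- or under-scoping to check for before relying on a wildcard to assign the stricter policy.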


Copyright © 2009 CA. All rights reserved.