Password Management › Password Policies

Password Policies

A password policy is a set of rules and restrictions that determines how passwords are created and when they expire.

In a password policy, you can configure the following settings:

• Password composition--Specify the content requirements for new passwords. For example, you can configure settings that require users to create passwords which are at least eight characters long and contain a number and a letter.
• Regular expressions--Provide an expression that determines the format of a valid password. You can specify whether passwords must match or must not match that format.
• Advanced password options--Specify actions that Identity Manager should take, such as making passwords lower case, before processing a password. You can also specify the priority of a password policy, if multiple password policies apply.

Note: You configure a password policy in an Identity Manager environment; however, the policy applies to the user store associated with the environment. If a user directory is associated with multiple environments, a password policy defined in one environment may apply in other environments, as well.

When Identity Manager integrates with SiteMinder, you can configure additional rules and restrictions for password management:

• Password expiration--Define events, such as a number of days elapsing or a number of failed login attempts, that cause a password to expire. When a password expires, the user account is disabled.
• Password restrictions--Set limits on password reuse. For example, users must wait 90 days before reusing a password.

SiteMinder users can also configure password policies in the SiteMinder Administrative user interface. These policies appear in the Identity Manager User Console.

Note:When Identity Manager integrates with SiteMinder, all password policies, including policies that contain password composition rules, regular expressions, and advanced password options are enforced by SiteMinder. In some cases, SiteMinder may enforce policies differently than Identity Manager. See the CA SiteMinder Web Access Manager Policy Server Configuration Guide for information about SiteMinder Password Policies.