The process for resetting Identity Manager user account passwords is similar to the change process. The reset process differs from a password change in that you do not specify a new password. Rather, Identity Manager randomly generates a new password (depending on your selections and password policies) for the user account, resource accounts, or a combination of these.
The policy assigned to the user (by direct assignment or through the user’s organization) controls several reset options, including:
How often a password can be reset before resets are disabled
Where the new password is displayed or sent
Depending on the Reset Notification Option selected for the role, Identity Manager emails the new password to the user or displays it (on the Results page) to the Identity Manager administrator requesting the reset.
The Reset Password user action is available on the User List page (Accounts > List Accounts).
To reset a password from the User List page, follow these steps:
In the Administrator interface, click Accounts in the main menu. The User List page displays on the List Accounts tab.
Select a user and click the User Actions drop-down menu.
To reset the password, select Reset Password.
The Reset User Password page opens.
Click the Reset Password button.
When you reset a user password, the password is immediately expired by default. Consequently, the first time users log in after a password reset, they must select a new password to gain access. You can use the Edit the Reset User Password form to override this default, so that the user’s password will expire according to the expire password policy set in the Identity Manager Account Policy associated with that user.
Use the following process to override the default change-password requirement:
Edit the Reset User Password Form and set the following value to false.
Use the Reset option in the Identity Manager Account Policy to specify when a password expires.
The settings include
permanent. Identity Manager uses the time period specified in the passwordExpiry policy attribute to calculate the relative date from the current date when the password is reset, and then set that date on the user. If no value is specified, the changed or reset password never expires.
temporary. Identity Manager uses the time period specified in the tempPasswordExpiry policy attribute to calculate the relative date from the current date when the password is reset, and then set that date on the user. If no value is specified, the changed or reset password never expires. If tempPasswordExpiry is set to a value of 0, then the password is expired immediately.
The tempPasswordExpiry attribute applies only when passwords are reset (randomly changed). It does not apply to password changes.