Identity Manager can be configured to prompt administrators for a password before processing certain account changes. If authentication fails, then the account changes will be cancelled.
There are three forms that administrators can use to change user passwords. These are the Tabbed User form, the Change User Password form, and the Reset User Password form. To ensure that administrators are required to enter their password before Identity Manager processes user account changes, be sure to update all three forms.
To require a password challenge on the Tabbed User form, follow these steps.
1. In the Administrator interface, open the Identity Manager debug page by typing the following URL into your browser. (You must have the Debug capability to open this page.)
   http://<AppServerHost>:<Port>/idm/debug/session.jsp
   The System Settings page (Identity Manager debug page) opens.
2. Find the List Objects button, select UserForm from the drop-down menu, then click the List Objects button.
   The List Objects of type: UserForm page opens.
3. Locate the copy of the Tabbed User Form that you have in production and click edit. (The Tabbed User Form distributed with Identity Manager is a template and should not be modified.)
4. Add the following code snippet inside the <Form> element:
   <Properties>
     <Property name='RequiresChallenge'>
       <List>
         <String>password</String>
         <String>email</String>
         <String>fullname</String>
       </List>
     </Property>
   </Properties>
   The property value is a list that can contain one or more of the following user view attribute names:
   - applications
   - adminRoles
   - assignedLhPolicy
   - capabilities
   - controlledOrganizations
   - firstname
   - fullname
   - lastname
   - organization
   - password
   - resources
   - roles
5. Save your changes.
To require a password challenge on the Change User Password and Reset User Password forms, follow these steps:
1. In the Administrator interface, open the Identity Manager debug page by typing the following URL into your browser. (You must have the Debug capability to open this page.)
   http://<AppServerHost>:<Port>/idm/debug/session.jsp
   The System Settings page (Identity Manager debug page) opens.
2. Locate the List Objects button, select UserForm from the drop-down menu, then click the List Objects button.
   The List Objects of type: UserForm page opens.
3. Locate the copy of the Change Password User Form that you have in production and click edit. (The Change Password User Form distributed with Identity Manager is a template and should not be modified.)
4. Locate the <Form> element, then go to the <Properties> element.
5. Add the following line inside the <Properties> element and save your changes.
   <Property name='RequiresChallenge' value='true'/>
6. Repeat steps 3 - 5, except edit the copy of the “Reset User Password Form” that you have in production.
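Because all three forms must be updated, it is worth checking exported copies of them after the change. The following check is an added example, not part of Identity Manager or its documentation; the function name, the sample XML wrappers, and the rule that the Tabbed User form's list must include password are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Names the page lists, plus 'email', which the page's own snippet uses.
KNOWN = {"applications", "adminRoles", "assignedLhPolicy", "capabilities",
         "controlledOrganizations", "email", "firstname", "fullname",
         "lastname", "organization", "password", "resources", "roles"}

def audit_form(xml_text, tabbed):
    """Return findings for one exported UserForm; an empty list means OK.

    tabbed=True:  expect the <List> form and (assumed policy) 'password' in it.
    tabbed=False: expect value='true' (Change/Reset User Password forms).
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. typographic quotes pasted from a web page
        return [f"not well-formed XML: {exc}"]
    form = root if root.tag == "Form" else root.find(".//Form")
    if form is None:
        return ["no <Form> element"]
    # Only a <Properties> element directly inside <Form> counts.
    prop = form.find("Properties/Property[@name='RequiresChallenge']")
    if prop is None:
        return ["RequiresChallenge not set"]
    if not tabbed:
        return [] if prop.get("value") == "true" else ["value is not 'true'"]
    names = [s.text.strip() for s in prop.findall("List/String") if s.text]
    # Exact-spelling comparison against the names above (hypothetical check).
    findings = [f"unknown attribute name: {n}" for n in names if n not in KNOWN]
    if "password" not in names:
        findings.append("'password' not in RequiresChallenge list")
    return findings

# Constructed sample exports (wrapper elements and names are illustrative).
TABBED = """<Configuration name='Prod Tabbed User Form'><Extension><Form>
  <Properties><Property name='RequiresChallenge'><List>
    <String>pasword</String><String>email</String>
  </List></Property></Properties>
</Form></Extension></Configuration>"""
CHANGE = "<Form><Properties><Property name='RequiresChallenge' value='true'/></Properties></Form>"
RESET = "<Form><Properties><Property name='Other' value='x'/></Properties></Form>"
PASTED = CHANGE.replace("'", "\u2019")  # same line with typographic quotes

if __name__ == "__main__":
    for label, xml_text, tabbed in [("tabbed", TABBED, True), ("change", CHANGE, False),
                                    ("reset", RESET, False), ("pasted", PASTED, False)]:
        print(label, audit_form(xml_text, tabbed) or "OK")
```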