When you load account data from a resource using Load from Resource, reconciliation, or Active Sync, Identity Manager does not obtain the password from the resource. (It would be a security breach on the part of the resource if it yielded the password.) Therefore, the Identity Manager account passwords will not be the same as the those on the resource. By default, Identity Manager generates a random password that must be reset. However, you can also use the password view in the user form to specify a temporary password, such as a literal string that is the same for everyone, or is the same as the Identity Manager account ID. See Assigning User Forms and Chapter 3, Identity Manager Views, in Sun Identity Manager Deployment Reference for more information.
For bulk actions, and Load from File, you can specify password values in the CSV file. These should be considered temporary passwords that users must change.
Policies establish limitations for Identity Manager accounts, and are categorized as:
Identity Manager account policies -- Use these to establish user, password, and authentication policy options. Identity Manager account policies are assigned to organizations or users.
Resource password and account ID policies -- Use these to set or select length rules, character type rules, and allowed words and attribute values.
Make sure you make any updates to the default policies before you begin loading account information into Identity Manager.
The following table lists the policies provided with Identity Manager as well as the default settings.
Table 4–2 Default Identity Manager Policies
See Chapter 3, User and Account Management, in Sun Identity Manager 8.1 Business Administrator’s Guide for more information about account and password policies.