Password policies facilitate user logons while ensuring the organization's security. The Access Portal Service lets administrators set policies that control automatic password generation.
Most applications have constraints for passwords: how long they can or must be, whether they must or must not include numbers or symbols, and so on. The Access Portal Service's password generation feature improves application logon security by automatically creating passwords made up of random characters according to predefined sets of constraints, stored as password policies. Each policy can apply to multiple applications or subscribers.
Using predefined password policies, you can completely automate password changes and implement sophisticated security schemes, including complex passwords and application-specific passwords unknown to users.
To manage password generation policies, click Federation at the top of the Administrative Console, then click Password Generation Policies in the Access Portal Service section. A new tab containing options to search and create opens.
Figure 54-1 Password Generation Policies Search/Create Tab
You can search for an existing password generation policy.
You can create a new password generation policy.
To create a new password generation policy:
Figure 54-2 New Password Generation Policy Summary Tab
A distinct name for the policy.
(Optional) A meaningful description to identify the policy.
(Optional) Internal reference information describing the version/variant of the policy.
If you would like to specify your password constraints using regular expressions, enter the desired REGEX string into the Regular Expressions Constraint field. Doing so will override and disable the manual constraint options listed below (except the Previous Password Constraints options).
The minimum password length. Options are 1-128. Default is 8 characters.
The maximum password length. Options are 1-128. Default is 8 characters.
Check the box to allow uppercase characters. If you check the box, you must specify the minimum number required. Default is 0.
Check the box to allow lowercase characters. If you check the box, you must specify the minimum number required. Default is 0.
Check the box to allow non-alphabetical and/or non-numeric characters. If you check the box, you must specify the minimum and maximum number permitted. Default minimum is 0. Default maximum is 8.
Check the box(es) to allow a special character to start and/or end a password.
Enter a list of specific characters to exclude from a password. Do not use any delimiters.
Enter the maximum number of times a given character can be repeated in a password (in any position). Options are 0-127. Default is 7.
Enter the number of times a given character can be repeated consecutively (adjacent to itself). Options are 0-127. Default is 7.
Check the box to allow numeric characters. If you check the box, you must specify the minimum and maximum number permitted. The default minimum and maximum are both 0.
Check the box(es) to allow a numeric character to start and/or end a password.
Check to allow other characters to be included in a password.
Previous Password Constraints
Disallow use of previous password. Check the box to prohibit reusing the previous password entirely.
Limit use of previous password characters. Select to limit repetition of characters from the previous password.
Maximum previous password characters. If you checked the previous box to permit usage of some previous password characters, select the maximum number of characters to allow.
The Access Portal Service recognizes multiple occurrences of a character as the same character and will therefore permit more than one occurrence of that character in the new password.
So, if the previous password contained three "A"s, and you specify that one character from the previous password can repeat, the Access Portal Service will allow more than one instance of "A" in the new password.
Figure 54-3 Password Constraints Tab of a Password Generation Policy
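The following is an added example, not code from the Access Portal Service: it checks a candidate password against the constraints described above, including the previous-password rule that counts distinct characters, and generates a compliant password by rejection sampling with a cryptographic random source. The policy key names and sample values are hypothetical. Reading the two "repeat" limits as extra occurrences beyond the first is an assumption.

```python
import secrets
import string
from collections import Counter
from itertools import groupby

CLASSES = {"upper": string.ascii_uppercase, "lower": string.ascii_lowercase,
           "digits": string.digits, "special": string.punctuation}

# Constructed sample policy; key names are hypothetical, not the product's schema.
POLICY = {
    "min_len": 12, "max_len": 16, "min_upper": 2, "min_lower": 2,
    "min_digits": 1, "max_digits": 4, "min_special": 1, "max_special": 3,
    "exclude": "0Ol1'\"\\",   # excluded characters, listed without delimiters
    "max_repeat": 1,          # assumed meaning: extra occurrences beyond the first
    "max_consecutive": 0,     # assumed meaning: extra adjacent occurrences
    "max_prev_chars": 1,      # distinct characters shared with the previous password
}

def violations(pw, p, previous=None):
    """Return the names of the constraints that pw breaks (empty list = compliant)."""
    n = {name: sum(c in chars for c in pw) for name, chars in CLASSES.items()}
    longest_run = max((len(list(g)) for _, g in groupby(pw)), default=0)
    checks = {
        "length": p["min_len"] <= len(pw) <= p["max_len"],
        "upper": n["upper"] >= p["min_upper"],
        "lower": n["lower"] >= p["min_lower"],
        "digits": p["min_digits"] <= n["digits"] <= p["max_digits"],
        "special": p["min_special"] <= n["special"] <= p["max_special"],
        "excluded": not set(pw) & set(p["exclude"]),
        "repeat": max(Counter(pw).values(), default=0) <= p["max_repeat"] + 1,
        "consecutive": longest_run <= p["max_consecutive"] + 1,
    }
    if previous is not None:
        # Occurrences collapse to one distinct character, so a previous password
        # with three "A"s still spends only one unit of the allowance on "A".
        checks["reuse"] = pw != previous
        checks["previous-chars"] = len(set(pw) & set(previous)) <= p["max_prev_chars"]
    return [name for name, ok in checks.items() if not ok]

def generate(p, previous=None, tries=10_000):
    """Rejection-sample with a CSPRNG: draw uniformly, keep the first compliant string."""
    alphabet = [c for c in "".join(CLASSES.values()) if c not in p["exclude"]]
    for _ in range(tries):
        length = p["min_len"] + secrets.randbelow(p["max_len"] - p["min_len"] + 1)
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not violations(pw, p, previous):
            return pw
    raise ValueError("no compliant password found; policy may be unsatisfiable")
```

Running the checker over a proposed policy before deploying it shows whether the constraints can be satisfied at all and which constraint rejects a given password.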
Applications that use a password generation policy are called subscribers. You can add subscribers during creation of the policy or at any time thereafter. Following is the procedure to add subscribers to a policy.
To manage policy subscribers:
Figure 54-4 Add Applications Dialog
If you select an application that is already a subscriber to another policy, it will no longer be subscribed to the other policy.