cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

blocking password provisioning in a specific target application

Go to solution
Former Member

on ‎07-25-2014 5:59 PM

0 Kudos

Hi experts,

According to my requirements, it has to be possible to reset the password from the active directory (password hook) and IDM (self-service task).

The issue here is when the password is set from the AD, I would like to update all target applications except the AD.

In the same time, if the password is modified from IDM, it has to be provisioned everywhere (including AD).

So, Is there a way to not provision password in a specific application when MX_ENCRYPTED_PASSWORD attribute is set?

I know it's possible to deactivate this attribute Under task tab of the system privilege, but I don't see how can I use it.

Is there an operator (such as DIRECT_REFERENCE...) to not provision the password that is populated in a toIdentityStore pass for exemple?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-26-2014 7:25 AM
0 Kudos

Hi Guillaume,

First of all you need to differentiate the password source. It can be from 1) AD, or 2) password self service. To do that, you may need to have a customized attribute of MX_PERSON, for instance Z_PASSWORD_SOURCE.

Next you need to customize the password reset task of AD repository. In the new task, if the password is from 1) AD,  the task needs to skip the password reset operation.

By doing so, I think your requirements can be met.

Best Regards

Jack Xiong

Show replies
Show replies

Answers (0)

Ask a Question