Former Member

Blocking password provisioning in a specific target application

Hi experts,

According to my requirements, it has to be possible to reset the password from Active Directory (password hook) and from IDM (self-service task).

The issue here is that when the password is set from the AD, I would like to update all target applications except the AD.

At the same time, if the password is modified from IDM, it has to be provisioned everywhere (including AD).

So, is there a way to not provision the password in a specific application when the MX_ENCRYPTED_PASSWORD attribute is set?

I know it's possible to deactivate this attribute under the task tab of the system privilege, but I don't see how I can use it.

Is there an operator (such as DIRECT_REFERENCE...) to not provision the password that is populated in a toIdentityStore pass, for example?


1 Answer

  • Best Answer
    Former Member
    Jul 26, 2014 at 06:25 AM

    Hi Guillaume,

    First of all you need to differentiate the password source. It can be from 1) AD, or 2) password self service. To do that, you may need to have a customized attribute of MX_PERSON, for instance Z_PASSWORD_SOURCE.

    Next you need to customize the password reset task of the AD repository. In the new task, if the password is from 1) AD, the task needs to skip the password reset operation.

    By doing so, I think your requirements can be met.

    Best Regards

    Jack Xiong
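
The skip decision described in the answer, modelled as an added example that is not part of the original thread and does not use SAP IDM's script API. Only `Z_PASSWORD_SOURCE` comes from the answer; the source values `"AD"` and `"IDM"`, the repository names and types, and the function names are assumptions, as is the choice to treat a missing marker as an IDM change.

```javascript
// Added illustration; plain JavaScript, not SAP IDM's script API.
// Z_PASSWORD_SOURCE comes from the answer; the values "AD" and "IDM",
// the repository names and the function names are assumptions.
const SOURCE_ATTR = "Z_PASSWORD_SOURCE";

// Normalise the source marker. Missing or unrecognised values are treated
// as "IDM" (assumption), so a password change is never silently dropped.
function passwordSource(entry) {
  const raw = String(entry[SOURCE_ATTR] || "").trim().toUpperCase();
  return raw === "AD" ? "AD" : "IDM";
}

// Decide, per target repository, whether its password reset task runs.
// Only the AD repository is skipped, and only for AD-originated changes.
function planPasswordProvisioning(entry, repositories) {
  const source = passwordSource(entry);
  return repositories.map((repo) => {
    const skip = source === "AD" && repo.type === "AD";
    return {
      repository: repo.name,
      action: skip ? "skip" : "provision",
      reason: skip
        ? "password was set in AD, do not write it back"
        : "password source is " + source,
    };
  });
}

// Constructed sample data.
const repositories = [
  { name: "AD_CORP", type: "AD" },
  { name: "ERP_ABAP", type: "ABAP" },
  { name: "PORTAL_JAVA", type: "JAVA" },
];
const fromHook = { MSKEYVALUE: "jdoe", Z_PASSWORD_SOURCE: "ad " };
const fromSelfService = { MSKEYVALUE: "jdoe", Z_PASSWORD_SOURCE: "IDM" };

// Names of the repositories that will receive the new password.
function targets(entry) {
  return planPasswordProvisioning(entry, repositories)
    .filter((step) => step.action === "provision")
    .map((step) => step.repository);
}

console.log(targets(fromHook));
console.log(targets(fromSelfService));
```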
