Creating a Password Sync Group

If you want a password to be the same across multiple direct connect sources, you can synchronize them by combining them into password sync groups.


 

Prerequisites:

  • At least one password policy
  • At least two direct connect sources that are connected to IdentityNow and configured for password management

IMPORTANT: Verify in advance that the policy enforces requirements that are applicable to all sources you want to sync.
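A pre-flight check for the verification step above, as an added example that is not SailPoint code: it flags every source that could reject a password the sync group's policy accepts. The rule fields, source names and values are constructed assumptions, not IdentityNow's schema.

```python
import string
from dataclasses import dataclass, field

# Character classes used to describe password rules (assumed model, not IdentityNow's).
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}
ALL = set().union(*CLASSES.values())

@dataclass
class Rules:
    min_len: int
    max_len: int
    required: set = field(default_factory=set)         # classes that must appear
    allowed: set = field(default_factory=lambda: set(ALL))  # characters accepted

def conflicts(policy: Rules, source: Rules) -> list:
    """Reasons a password that satisfies `policy` could still be rejected by `source`."""
    out = []
    if policy.min_len < source.min_len:
        out.append(f"policy min length {policy.min_len} < source min {source.min_len}")
    if policy.max_len > source.max_len:
        out.append(f"policy max length {policy.max_len} > source max {source.max_len}")
    missing = source.required - policy.required
    if missing:
        out.append(f"source requires classes the policy does not: {sorted(missing)}")
    banned = policy.allowed - source.allowed
    if banned:
        out.append(f"policy allows characters the source rejects: {''.join(sorted(banned))}")
    return out

def check_group(policy: Rules, sources: dict) -> dict:
    """Map source name -> conflict list, only for sources that conflict."""
    found = {name: conflicts(policy, rules) for name, rules in sources.items()}
    return {name: c for name, c in found.items() if c}

# Constructed sample data: one candidate policy and three hypothetical sources.
POLICY = Rules(8, 64, {"upper", "lower", "digit"})
SOURCES = {
    "Directory": Rules(8, 128, {"upper", "lower", "digit"}),
    "Legacy app": Rules(6, 16, set(), ALL - set("\"'\\")),
    "HR app": Rules(8, 64, {"special"}),
}

if __name__ == "__main__":
    for name, reasons in check_group(POLICY, SOURCES).items():
        print(name, "->", "; ".join(reasons))
```

A source with no entry in the result accepts every password the policy allows; any listed source should be fixed or left out of the group before the policy is applied.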

 

Creating a Password Sync Group


Complete the following steps:

 

1. In the Admin interface, go to Password Mgmt > Sync Groups.

 

2. Click New.

The Password Sync Group page is displayed.

3. In Group Name, type a name for the group.

 

NOTE: This name is displayed to end users when they click Passwords from the Launchpad.

 

4. In Password Policy, select a password policy that applies to the group.


NOTE: When creating password policies and applying them to sync groups, you should verify that the policy enforces requirements that are applicable to all sources you select. Otherwise, your users might see errors related to changing their password on apps that belong to a sync group.

 

5. Under Select Sources, click the check box next to each source you want to belong to the sync group.

 

6. Click Save.

 

The sync group is created.

 

The system enforces the new policy the next time a user updates a connected app's password. Those changes are then synchronized across the sources and related apps in the group.


 

 

Password Changes and Password Sync Groups


This section explains how password changes are processed for various accounts in password sync groups.

 

Authentication Accounts

  • Users can change passwords on auth accounts, but if the auth account is disabled at the source, the user cannot log in.

  • If an auth account password change is unsuccessful, password changes for related password sync groups are not attempted.

  • If an auth account password change is successful, password changes for password sync groups are processed.

 

Disabled Accounts

  • If a password sync group’s account is disabled at the source, IdentityNow will still process the password change and let the source reject the change if necessary.

  • If the source account fails, the changes for the password sync group will continue to be processed.

 

Multiple Accounts

  • If a source has multiple accounts and multipleAccountPasswordSync is set, the password changes on all accounts on that source are processed.

  • If a source has multiple accounts, multipleAccountPasswordSync is set, and the password change fails on the first account on that source, password changes on the other accounts are still processed.

 

Revision 5 of 5. Last update: Apr 23, 2020 03:25 PM