At least two direct connect sources that are connected to IdentityNow and configured for password management
IMPORTANT: Verify in advance that the policy enforces requirements that are applicable to all sources you want to sync.
Creating a Password Sync Group
Complete the following steps:
1. In the Admin interface, go to Password Mgmt > Sync Groups.
2. Click New.
The Password Sync Group page is displayed.
3. In Group Name, type a name for the group.
NOTE: This name is displayed to end users when they click Passwords from the Launchpad.
4. In Password Policy, select a password policy that applies to the group.
NOTE: When creating password policies and applying them to sync groups, you should verify that the policy enforces requirements that are applicable to all sources you select. Otherwise, your users might see errors related to changing their password on apps that belong to a sync group.
5. Under Select Sources, click the check box next to each source you want to belong to the sync group.
6. Click Save.
The sync group is created.
The system enforces the new policy the next time a user updates a connected app's password. Those changes are then synchronized across the sources and related apps in the group.
Password Changes and Password Sync Groups
This section explains how password changes are processed for various accounts in password sync groups.
Users can change passwords on auth accounts, but if the auth account is disabled at the source, the user cannot log in.
If an auth account password change is unsuccessful, password changes for related password sync groups are not attempted.
If an auth account password changes is successful, password changes for password sync groups are processed.
If a password sync group’s account is disabled at the source, IdentityNow will still process the password change and let the source reject the change if necessary.
If the source account fails, the changes for the password sync group will continue to be processed.
If a source has multiple accounts and multipleAccountPasswordSync is set, the password changes on all accounts on that source are processed.
If a source has multiple accounts, and multipleAccountPasswordSync is set, and the password change fails on the first account on that source, password changes on the other accounts are still processed.