13.26 Password Filter for Active Directory

In this policy, you can configure settings to synchronize password updates between the appliance and Active Directory through the Password Filter. The Password Filter automatically updates the LDAP Password stored in Advanced Authentication whenever the password is changed or reset in the Active Directory. This helps you to authenticate without getting any prompt to synchronize the password after it is changed or reset.

NOTE: If you do not include the LDAP Password method in a chain, a prompt to perform a synchronization is displayed. If you set Save LDAP password to ON in the LDAP Password method, the prompt is displayed only for the first time until the password is changed or reset. If you set this option to OFF, a prompt for synchronization is displayed each time.

You can perform the following settings in this policy:

  • Set Update password on change to ON to update the LDAP password automatically in Advanced Authentication when it is changed in the Active Directory. This helps you to authenticate without getting a prompt to synchronize the password after it is changed.

    Set Update password on change to OFF to prompt the user to synchronize the LDAP password while logging in to Windows when the password is changed in the Active Directory.

  • Set Update password on reset to ON to update the LDAP password automatically in Advanced Authentication when it is reset in the Active Directory. This helps users to authenticate without getting a prompt to synchronize the password if it is reset.

    Set Update password on reset to OFF to prompt the user to synchronize the LDAP password while logging in to Windows when the user's password has been reset in the Active Directory.

    NOTE: If Enable local caching is set to ON in the Cache Options policy and the password is changed or reset in the Active Directory, a user is prompted to synchronize the password while logging in to Windows, irrespective of the status of the following Password Filter for AD settings:

    • Update password on change

    • Update password on reset

    If Enable local caching is set to OFF, the Password Filter works according to the settings configured in this policy.

NOTE: You must install the Logon Filter on Domain Controllers for the Password Filter for Active Directory to function.

For more information, see Advanced Authentication - Logon Filter.

NOTE: The endpoint for the Password Filter must be trusted. To do this, perform the following steps:

  1. Click Endpoints in the Advanced Authentication Administration portal.

  2. Edit an endpoint of the Password Filter.

  3. Set Is trusted to ON and add a description.

  4. Save the changes.