11.1 Using Self-Service Password Management in Identity Manager

SSPR automatically integrates with the single sign-on process for the identity applications and Identity Reporting. It is the default password management program for Identity Manager. When a user requests a password reset, SSPR requires the user to answer the challenge-response question. If the answers are correct, SSPR responds in one of the following ways:

  • Allow users to create a new password

  • Create a new password and send it to the user

  • Create a new password, send it to the user, and mark the old password as expired.

You configure this response in the SSPR Configuration Editor. After upgrading to a new version of Identity Manager, you can configure SSPR to use the NMAS method that Identity Manager traditionally used for password management. However, SSPR does not recognize your existing password policies for managing forgotten passwords. You also can configure SSPR to use its proprietary protocol instead of NMAS. If you make this change, you cannot return to using NMAS without resetting your password policies.

You can use SSPR to do any of the functions listed in Table 11-2, Password Management Functions:

Table 11-1 Password Management Functions

This Password Management page

Enables you to

Password Challenge Response

Set or change either of the following:

  • Your valid responses to administrator-defined challenge questions

  • User-defined challenge questions and responses

Change Password

Change (reset) your password, according to the rules established by your system administrator

Password Policy Status

Review your password policy requirements.

11.1.1 Understanding Password Challenge Response

Challenge questions are used to verify your identity during login when you have forgotten your password. If the system administrator has set up a password policy that enables this feature for you, you can use the Password Challenge Response page to:

  • Specify responses that are valid for you when answering administrator-defined questions

  • Specify your own questions and the valid responses for them (if your password policy enables this)

In Identity Manager 4.5, during the login process, the login page automatically redirects you to the Challenge-Response page. You set up the responses for challenge questions on this page. For more information, see If You Forget Your Password. When you login again and try to reset the forgotten password, SSPR prompts the configured questions and asks you to specify the correct answer. When the answer matches with the response that you had saved earlier, SSPR allows you to reset the password.

11.1.2 Changing Your Password

You can change your password (providing that the system administrator has enabled you to do so).

  1. In the Dashboard, click Applications > Change My Password.

  2. Type your current password. The Change Password page displays.

  3. Type your new password in the New Password text box.

  4. Type your new password again in the Confirm Password text box.

  5. Click Change Password.

    If your new password violates any of the password rules defined in the password policy by your administrator, you will see an error message on the Change Password page.

    This page typically provides information about how to specify a password that meets the policy’s requirements as defined by your administrator. Review the password rules, and try again.

  6. Click Continue. The status of your request is displayed. On success, it takes you back to the OSP login page.

11.1.3 Password Policy Status

NOTE:This feature is only available for administrator users.

You are assigned a password policy by your administrator. The policy determines the security measures associated with your password. You cannot check your password policy requirements unless the User Application administrator has provided you with rights to do so. The User Application administrator can check the status of password policy on the Identity Manager Home page. This link does not exist by default. You need to customize the Home page to include it. For customizing the default Identity Manager Home items, see Section 5.0, Managing Applications.

On the landing page, click Password Status and Policy link. The Password Policy Status and Policy page displays. To change your Identity Manager password, go to Identity Manager Home and select Change My Password. The Identity Manager Home link redirects you to the Change Password area of SSPR.