1.5 Password Policy Assignments

Password policies are assigned with a tree-centric perspective, meaning that you assign them to the Identity Vault containers that hold the users to whom you want the policies applied. In contrast, password synchronization is set up per driver. Drivers are installed on a per-server basis and can manage only those users who are in a master or read/write replica on the server.

To get the results you expect from password synchronization, make sure that the user containers that have password policies required by a driver for password synchronization are in a master or read/write replica on the driver’s server. Assigning a password policy to a partition root container ensures that all users in that container and subcontainers are assigned the password policy.