1.5 Password Policy Enforcement Notifications

Identity Manager enables you to automatically notify users via e-mail when a password change was not successful.

For example, you set Identity Manager to not accept incoming passwords from Active Directory when they don’t comply with your password policy. One policy rule specifies that the company name can’t be used as a password. A user changes his or her Active Directory password to include the company name. Identity Manager rejects the password and sends the user an e-mail message stating that the password change was not synchronized.

The User Application password self-service console lets you display the password policy rules so that users know how to create a compliant password. However, if you allow users to change their password through a connected system, the connected system is not able to display the policy.

If you want to avoid notifications caused by non-compliant passwords, you should require users to change the password only in the User Application, or at least make sure that the policy rules are well publicized.