6.1 Using Self-Service Password Management in Identity Manager

SSPR automatically integrates with the single sign-on process for the identity applications and Identity Reporting. It is the default password management program for Identity Manager. When a user requests a password reset, SSPR requires the user to answer the challenge-response question. If the answers are correct, SSPR responds in one of the following ways:

  • Allows users to create a new password

  • Creates a new password and sends it to the user

  • Creates a new password, sends it to the user, and marks the old password as expired

You configure this response in the SSPR Configuration Editor. After upgrading to a new version of Identity Manager, you can configure SSPR to use the NMAS method that Identity Manager traditionally used for password management. However, SSPR does not recognize your existing password policies for managing forgotten passwords. To continue using your policies, see Understanding the Legacy Password Management Provider in the NetIQ Identity Manager Setup Guide. You can also configure SSPR to use its proprietary protocol instead of NMAS. If you make this change, you cannot return to using NMAS without resetting your password policies.

You can use SSPR to perform any of the functions listed in Table 6-1:

Table 6-1 Password Management Functions

| This Password Management page | Enables you to |
|---|---|
| Password Challenge Response | Set or change either of the following: your valid responses to administrator-defined challenge questions; user-defined challenge questions and responses |
| Change Password | Change (reset) your password, according to the rules established by your system administrator |
| Password Policy Status | Review your password policy requirements |

6.1.1 Password Challenge Response

Challenge questions are used to verify your identity during login when you have forgotten your password. If the system administrator has set up a password policy that enables this feature for you, you can use the Password Challenge Response page to:

  • Specify responses that are valid for you when answering administrator-defined questions.

  • Specify your own questions and the valid responses for them (if your password policy enables this).

In Identity Manager 4.5, during the login process, the login page automatically redirects you to the Challenge-Response page. You set up the responses for challenge questions on this page. For more information, see Section 1.3.1, If You Forget Your Password. When you log on again and try to reset the forgotten password, SSPR prompts you with the configured questions and asks you to specify the correct answer. When the answer matches the response that you saved earlier, SSPR allows you to reset the password.

6.1.2 Change Password

You can change your password (provided that the system administrator has enabled you to do so) from the Identity Manager Home page.

  1. On the Identity Manager Home page, click Change My Password.

    1. Type your current password. The Change Password page displays.

    2. Type your new password in the New Password text box.

    3. Type your new password again in the Confirm Password text box.

    4. Click Change Password.

      If your new password violates any of the password rules that your administrator defined in the password policy, you will see an error message on the Change Password page.

      This page typically provides information about how to specify a password that meets the requirements of the policy that your administrator defined. Review the password rules, and try again.

  2. Click Continue. The status of your request is displayed. On success, it takes you back to the OSP login page.

6.1.3 Password Policy Status

NOTE: This feature is only available for administrators.

Your administrator assigns you a password policy. The policy determines the security measures associated with your password. You cannot check your password policy requirements unless the User Application administrator provides you with rights to do so. The User Application administrator can check the status of your password policy on the Identity Manager Home page. This link does not exist by default. You need to customize the Home page to include it. For information about customizing the default Identity Manager Home items, see Configuring Identity Manager Home Items in the NetIQ Identity Manager Home and Provisioning Dashboard User Guide.

On the Home page, click the Password Status and Policy link. The Password Policy Status and Policy page displays. To change your Identity Manager password, go to Identity Manager Home and select Change My Password. The Identity Manager Home link redirects you to the Change Password area of SSPR.