Users can change their passwords whenever they want by using SSPR. You, as an administrator, can configure various settings for the Change Password feature such as enforcing users to provide their current password while changing it, actions to take when a user changes password, and so forth.
To configure Change Password settings, perform the following steps:
In Configuration Editor, click Modules > Change Password.
Click View > Always Show Advanced Settings.
Configure the following settings:
|
Setting |
Description |
|---|---|
|
Logout After Password Change |
Select this check box to enable the system to log out the user after changing a password. The recommendation is to enable this feature for all users especially if a user is using a single sign-on service. |
|
Change Password Required Values Form |
Specify the values required to be entered before changing the password. |
|
Required Current Password During Change |
Select this check box if you want users to provide their current passwords on the Change Password page while changing their passwords. This is required when a user is using single sign-on. In most cases, this is not required because the user gets authenticated prior to accessing the Change Password page. |
|
Password Change Agreement Message |
Specify the message to display to user before being allowed to change the password. The message can include HTML tags. If you leave this field blank, the Change Password Agreement page is not visible to users. You can use Macros in this setting. For more information about macros, see Configuring Macros for Messages and Actions or select View > Macro Help in Configuration Editor. |
|
Password Change Minimum Wait |
Specify the time in seconds required for a password change to take effect. System uses this time for background synchronization processes. |
|
Password Change Maximum Wait Time |
Specify the maximum time in seconds the system waits for the password to be synchronized to all configured LDAP servers during a password change action. This setting prevents the page from timing out when the synchronization takes longer time. |
|
Password Pre-Expire Time |
Specify the time in seconds. Users require to change their password earlier, based on the time specified here, than the actual password expiry date. If the user's password expires within this time frame, the system behaves as if the user's password has already expired. Setting this value prevents the users' passwords expiries while users are logged in. The recommend value for this setting is 86400 seconds (One day). |
|
Password ExpireWarn Time |
Specify the time in seconds. SSPR sends the password expiry notification before a user's password expires. If the user's password expires within this time frame, the system will warn the user during a CommandServlet, checkExpire, or checkAll operation. If this time is zero or less than expirePreTime, this feature is disabled. The recommended value for this setting is 432000 seconds (5 days). |
|
Check Expire During Authentication |
Select this check box to allow the system to verify whether a user’s password is expired or about to expire while authenticating the user. If the password is expired, system forwards the user to the Expired Password page. |
|
Seedlist File |
Specify the Seedlist file. SSPR uses words from the Seedlist file to generate random passwords. You require modifying Seedlist to ensure randomness and also to meet the configured policy for the user. SSPR generate user-friendly random passwords suggestions to users. |
|
Post Password Change Actions |
Specify actions to be taken when a user changes password. The system invokes the configured actions immediately after the password is changed. You can use Macros within the action. |
Click Actions > Save.