Communicating passwords following user creation

Hi there,

We have a requirement to communicate passwords to users to enable them to login to their device.

OneIdentity Manager is creating AD accounts they are then syncd to EntraID (AzureAD).

Is there a way to create a customised password that uses certain data from the HR system. For example employeenumber/phone number etc. The user would then log into the microsoft self service password reset portal and set their own credentials.

This prevents anyone else from knowing the credentials.

  • Hi Sam,

    Assuming you're on a relatively new version of One Identity such as V9.<something> (It's always good to mention your version).

    In the manager tool under employees -> basic configuration data -> password policies you can find the password policies. One of these is for 'Active directory password policy'.

    Here you can configure how the AD passwords should be generated; you can add criteria such as the length of the passwords and the characters to be used. If you have special requirements, under the tab 'scripts' you can define a generating script, which is the script that will be used to generate the password.

    You'll have to make the script yourself (using the HR data you want) obviously, but you should be able to make a password that meets whatever requirements you have using the password policies.

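To illustrate what a generating script has to deliver (a one-time password that satisfies the policy's length and character-class criteria), here is an added Python example, not One Identity code and not the Manager's VB.NET script interface; the policy values are constructed, and the password comes from the OS random generator rather than from HR fields like an employee or phone number, which others can look up.

```python
import secrets
import string

# Constructed example policy: the kind of criteria a password policy lets you
# set (minimum length plus required character classes). Values are assumptions.
POLICY = {
    "min_length": 14,
    "require": {
        "upper": string.ascii_uppercase,
        "lower": string.ascii_lowercase,
        "digit": string.digits,
        "symbol": "!#$%&*+-=?@_",
    },
}


def meets_policy(password: str, policy: dict = POLICY) -> bool:
    """True if the password is long enough and contains every required class."""
    if len(password) < policy["min_length"]:
        return False
    return all(
        any(c in chars for c in password) for chars in policy["require"].values()
    )


def generate_initial_password(policy: dict = POLICY) -> str:
    """Return a random one-time password that meets the policy.

    Uses the CSPRNG behind `secrets`, so the value cannot be derived from
    HR data; the user then replaces it through self-service password reset.
    """
    alphabet = "".join(policy["require"].values())
    while True:
        candidate = "".join(
            secrets.choice(alphabet) for _ in range(policy["min_length"])
        )
        if meets_policy(candidate, policy):
            return candidate


if __name__ == "__main__":
    print(generate_initial_password())
```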
  • Hi there - thanks for this.

    We are using v8.2 at the moment. Thanks for the info that's helpful.

    As a side note - how would you communicate that to the user? We want it to be as secure as possible, i.e. no sharing of credentials via email or instant message etc.

  • In our case, every new identity must provide a notification endpoint, either a phone number or email (later they can access their profile and maybe set a Telegram username, too).

    Once the identity has been created, we only send the login name to those endpoints. The new employee can go to our password recovery portal, enter the login name and request a PIN code to their phone/mail (or Telegram), then reset the password with that PIN.
