Generate passwords for new accounts

You can use a plugin to automatically generate and assign an initial password for new accounts. This can be useful if accounts should have a hard-coded password (so that every new account has the same initial password), a password based on request attributes, or a randomly generated password.

When a password is provided by the plugin, Bravura Identity skips the Set initial password page usually shown to requesters.

To enable a password generator plugin:

  1. Click Manage the system > Workflow > Options > Plugins.

  2. Type the name of the plugin or PSLang script in the PASSWORD GEN PLUGIN row.

  3. Click Update at the bottom of the page.

Shipped plugins

Install the im_corp_onboard scenario component via the Manage components console to automatically configure password generation logic in this plugin point. This component generates a random initial password for new user accounts. Note that installing this component also installs a number of dependencies, including components that require first-time users to agree to an Acceptable Usage Policy, and to reset their password before accessing Bravura Security Fabric.

You can also write a custom script to generate the initial password.

Requirements

See Writing plugins for general requirements.

Execution points

The plugin is run by the Workflow Manager Service (idwfm) when a new account is requested. If the plugin:

  • Fails, the new account request cannot proceed.

  • Succeeds but does not return a password, the user is prompted for a password as usual.

  • Succeeds and returns a password, Bravura Identity skips the Set initial password page and proceeds to the next step of the request.

Input

The plugin receives standard request data. For example:

"" "" = {
  "module" = "<idr|idwfm>" # The program that calls the plugin
  "sessionid" = "<session ID>" # session ID for the viewer
  "passwordpolicy" "<policy id>" = {
    "template" = "<template ID>"
    "strength" "<policy id>" = {
      "<rule ID>" = "<rule value>" # 1 or more password rules
    }
  } # 1 or more password policy KVGroups
  "request" "" = { ... }
    # See Request data.
}

Output

The output includes the standard "retval" and optional "errmsg" pairs, and either a "password" key-value pair or a policy password KVGroup:

  "" "" = {
    "errmsg" = "<message>"
    "retval" = "<N>" # 0 for success; non-zero on error
    "password" = "<password value>" # Optional value for all resources
    "strength" "<policy ID>" = {
        "password" = "<password value>"
    } # Optional; 0 or more groups for each password policy
  }
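
The following is an added example, not code shipped with Bravura Identity: a Python model of the randomly generated password case that draws from the operating system CSPRNG, returns one password per policy, and fails with a non-zero "retval" when a policy cannot be met. It assumes plain dicts standing in for the input and output KVGroups (reading and writing the real KVGroup is not shown), and the rule names (min_length, max_length, min_upper, min_lower, min_digit, min_symbol) are hypothetical placeholders for the product's rule IDs.

```python
import secrets
import string

# Hypothetical rule names mapped to the alphabet each one draws from.
CLASSES = {
    "min_upper": string.ascii_uppercase,
    "min_lower": string.ascii_lowercase,
    "min_digit": string.digits,
    "min_symbol": "!#$%*+-=?@_",
}


def generate_for_rules(rules):
    """Return a CSPRNG password meeting the (hypothetical) rules, or None."""
    length = int(rules.get("min_length", 16))
    max_length = int(rules.get("max_length", 64))
    required = []
    for rule, alphabet in CLASSES.items():
        count = int(rules.get(rule, 0))
        required += [secrets.choice(alphabet) for _ in range(count)]
    length = max(length, len(required))
    if length > max_length:
        return None  # contradictory policy: no password can satisfy it
    pool = "".join(CLASSES.values())
    chars = required + [secrets.choice(pool) for _ in range(length - len(required))]
    secrets.SystemRandom().shuffle(chars)  # do not leave required classes up front
    return "".join(chars)


def run_plugin(request):
    """Dict in (modelled input KVGroup), dict out (modelled output KVGroup)."""
    out = {"retval": "0", "strength": {}}
    for policy_id, policy in request.get("passwordpolicy", {}).items():
        password = generate_for_rules(policy.get("strength", {}))
        if password is None:
            # Non-zero retval: the new account request cannot proceed.
            # The message names the policy only, never a password value.
            return {"retval": "1", "errmsg": f"cannot satisfy policy {policy_id}"}
        out["strength"][policy_id] = {"password": password}
    return out  # no policies in the input: success without a password


# Constructed sample input, shaped like the Input section above.
SAMPLE = {
    "module": "idwfm",
    "passwordpolicy": {
        "DEFAULT": {"template": "T1",
                    "strength": {"min_length": "14", "min_digit": "2", "min_symbol": "1"}},
    },
}
```

With no password policy in the input, the model returns success without a password, which corresponds to the case where the user is prompted for a password as usual.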