Skip to main content

Applying password policies by user class

You can use user classes to apply different password policies for segments of the user population on the same target system group; for example to apply stricter rules to Active Directory administrators than to regular users on the same domain. The rules are applied whenever a user changes passwords using the web interface or transparent synchronization is triggered.

To add user-class-selected password policies:

  1. Click Manage the system > Resources > Target system groups then select the target system group you want to modify.

  2. Select the Password policies tab.

  3. Click Select to define a user-class-selected password policy:

  4. Select a Password policy from the drop down list.

    1. Define user classes:

      • Select existing user classes: Click Select… and enable the checkboxes for the user classes you want to add, then click Select.

      • Create new user classes: Click plus icon Add new… .

    2. If required, configure Participant mapping for each user class that you add.

    3. If your membership criteria includes multiple user classes, define whether users are required to match All of the user classes or Any of the user classes.

  5. Click on the Password policies tab or the General sub-link to list all user-class-selected password policies that have been assigned to the target system group.

The target system group’s default password policy will be applied to:

  • Console-only users

  • Users who do not belong to any user class selected on the group’s password policies page

Prioritizing user-class-selected password policies

Only one password policy per target system group is enforced for a user. Where there are multiple password policies set for a target system group, use the 2524.png 2525.png icons to set the priority order of user-class-selected policies. The higher priority policy is applied when a user belongs to multiple user classes.

2526.png

Testing user-class-selected password policies

Click on the Test sub-link to test whether a password policy will be enforced for the tested user. Bravura Security Fabric displays the rules that will be enforced if the tested user has an account on an applicable target system.

See also

In this section: