8 replies Latest Post - ‏2013-04-26T07:06:23Z by Nuttapong
Nuttapong

ISIM 6.0 Specify Password Synchronization

‏2013-04-23T11:05:22Z |

Hi,

Our customer uses ISIM 6.0 and we have to manage over 20 resources.

The customer wants to synchronize the password between ISIM's user and AD's user.

When we enable password synchronization in Security Properties, all accounts are affected.

 

How can we apply password synchronization only to the ISIM and AD accounts?

 

Thanks a lot,

Nuttapong

  • franzw

    Re: ISIM 6.0 Specify Password Synchronization

    ‏2013-04-23T12:02:06Z  in response to Nuttapong

    Two observations :

    1. If you want to manage only ISIM and AD - why not go for SSO between the two systems instead?

    2. Do not enable PasswordSynch - you can use the 4.5 way to manage the password synchronization instead. This works by assigning an account that performs the password synchronization - this ITIM user is limited by the ITIM ACIs in which account it can see/perform password change. There are some limitations in this scheme - but they are fewer than those of the standard password synch.

    You should also be aware that the new 6.0 functionality of Account Ownership types are impacted in the password synchronization - i.e. it will only work on individual accounts - not with any that have other ownership types.

    A word of warning - going outside the standard ITIM functionality like trying to build your own PWSynch requires a very deep understanding of ISIM and is no easy task...

    HTH

    Regards

    Franz Wolfhagen

  • Nuttapong

    Re: ISIM 6.0 Specify Password Synchronization

    ‏2013-04-24T04:06:22Z  in response to Nuttapong

    Can I modify the workflow to detect when the ISIM account's password is changed and then modify the AD account with the same password?

    If I can, how do I build that workflow?

    Or can you give me an idea about the workflow?

     

    Thanks a lot,

    Nuttapong

    • franzw

      Re: ISIM 6.0 Specify Password Synchronization

      ‏2013-04-25T11:05:06Z  in response to Nuttapong

      You are not putting much effort into this yourself - are you? :-)

      You should study the workflow scenarios in the formal documentation, and try to educate yourself on how this works. All the answers to your last questions can be found in the documentation and by doing some searches in this very forum on e.g. "workflow password". This is not rocket science.

      I am not going to help you out on this on my own time if you do not do your homework first - no one will gain from that. You must understand that the nature of this forum is free help - but no promises - so you have to make the effort as small as possible for others to help you...

      When you have tested the basics I will try to help you out if you have specific problems - this of course does not hinder others from adding their thoughts to the thread.

      Regards

      Franz Wolfhagen

      • Nuttapong

        Re: ISIM 6.0 Specify Password Synchronization

        ‏2013-04-26T03:03:27Z  in response to franzw

        Thank you Franz Wolfhagen.

        I have resolved this scenario by detecting the Parent Process ID in the workflow.

         

        Regards,

        Nuttapong

         

        • jdell

          Re: ISIM 6.0 Specify Password Synchronization

          ‏2013-04-26T03:26:46Z  in response to Nuttapong

          Hi Nuttapong,

          Would you mind providing more details on your resolution?  I have a similar scenario that I'm working on.

          @franzw - In your original reply, you mentioned using a 4.5 technique by "assigning an account that performs the password synchronization". Might be a silly question, but exactly how is this account assignment done? And with password synch disabled, do all the changepassword workflows have to be executed for those services that you want password synch to apply?

          Regards,

          JD

          • Nuttapong

            Re: ISIM 6.0 Specify Password Synchronization

            ‏2013-04-26T04:49:57Z  in response to jdell

             

            Hi JD,
             
            In my scenario, I have 3 services: ITIM, AD and Lotus Notes.

            I want to synchronize the password only to ITIM and AD, but not to Lotus Notes.

            So I have modified the changePassword workflow of Lotus Notes as follows:

            1. Add a Script Node before the CHANGEPASSWORD Extension.

            2. In the Script Node, I wrote this script:

            parentId.set(process.parentId);

            3. If the parent Process ID is 0, it means that the current change password request is not triggered from Change Password for Multiple Accounts, and that the change password request is targeted directly at the Notes account. So trigger the changepassword node.

            4. Else, skip the change password node, and head over to End.

             

            ref : https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014585764

             

            HTH

            Regards,

            Nuttapong

             

            • jdell

              Re: ISIM 6.0 Specify Password Synchronization

              ‏2013-04-26T05:29:45Z  in response to Nuttapong

              Hi Nuttapong,

              Thanks for your response.

              I have come across this proposed solution before (in your quoted reference). I understand the logic behind it but I don't see how it would work. If you still have password synch enabled, how do you target a change password request to the account you don't want synchronized? I've tried through the ITIM admin console, and even if you target that one account for a password change request, TIM still presents the other accounts owned by the user for inclusion in the password change request, and there are no check boxes as password synch is enabled. If you go ahead with the password change request, when you check the requests, the request type is still "Change Password for Multiple Accounts".

              I'm obviously missing something basic here.

              If only we could select the services as targets for password synch - that would stop all this mucking about.

              Thanks,

              JD