Assigning password policies to users and groups

Edit online

You can assign password policies to specific users and groups.

About this task

IBM® Verify provides two default password policies. Neither of these policies can be deleted.
Default password policy
All users are a member of an internal, unexposed group with this password policy attached. This policy applies to all users as a group-attached password policy. This policy is the only password policy that password expiration and minimum password age settings are settable. All password policy attributes in this policy can be modified.
Default no expiry password policy
This password policy has a fixed no password expiration and no minimum password age. These settings cannot be modified. It cannot be applied to groups. It is typically used to override the default password policy for a user, specifically the password expiration and minimum age attributes, by attaching directly to the user. Other password policy attributes in this policy can be modified.
Custom password policies
Extra custom password policies can be created, modified, and deleted. The password expiration and minimum age are not present or settable in these policies. These policies have no effect on these values when determining their effect on the user. The other password policy attributes in these policies can be modified.

You can assign one default policy or one custom policy to each user and group. If a user has an assigned password policy, that password policy applies to the user. Otherwise, enforcement uses the combined password policies that are attached to the groups that the user is a member of. This combination always includes the “Default password policy”. All users are a member of an internal, unexposed group to which this password policy is attached. When group password policies are combined for a user, the more restrictive requirements are applied. For example, if the default policy requires 4 alpha characters but the custom policy requires 2 alpha characters, enforcement requires 4 alpha characters.

Procedure

  1. Log in as an administrator on Verify.
  2. Select Security > Password management.
  3. Select the policy that you want to assign.
  4. Click the View settings icon geer icon.
  5. Select Users & groups or Users.
  6. Click Assign users and groups or Assign users.
  7. In the Search field, type the name of the user or group that you want to assign the policy to.
  8. Select the user or group from the search results.
    The user or group is added to the Selected users and groups list.
  9. Optional: Repeat the search and select steps.
  10. When your list of users and groups is complete, click Add.
  11. Optional: To unassign a policy from a user or group , click the Remove icon next to the user or group. and confirm the removal.