Configuring Cloud Directory
A password policy governs the password strength, history, and use. Change the password policy based on your organization's security requirements.
About this task
Procedure
- Select Authentication > Identity providers.
- From the left side menu, select Cloud Directory.
- Optional: Change the name of the directory.
- Optional: Select or clear the checkbox to use Cloud Directory for sign-in.
- Optional: Select the attributes that can be used as login identifiers.
  IBM® Verify authenticates users by using the userName attribute, which is the optimal method. However, you can allow users to use one of these alternative attributes as an identifier at login.
  Note: To avoid user conflicts, use attributes that have unique values, such as an employee ID, email address, or a mobile number.
  a. Expand the Choose attributes menu.
  b. Select the checkbox for the attribute that you want to use for login.
     Although any attribute can be selected, selecting attributes that have the unique constraint ensures that all values are different. The attribute is added to the list of login identifier attributes.
  c. Repeat steps a and b for each attribute that you want to use for login.
     You can select a maximum of four attributes.
  d. Remove an attribute.
     To remove an attribute from the login list, expand the menu and clear the checkbox for that attribute. To remove all the selected login attributes, click the x next to the number.
- Optional: Modify the default password policy.
  Cloud Directory uses the default password policy. You cannot change the selection. The default password policy settings are listed. You can change the default password policy settings. See Managing password policies.
- Optional: Select a password intelligence policy from the menu. To create a password intelligence policy, see Managing password intelligence.
- Optional: Select Enable password sync.
  If your application supports password synchronization, this option uses the Cloud Directory account password for accounts that are provisioned to the application. For a list of applications that support password synchronization, see Applications that support password synchronization.
  For applications that do not support password synchronization, a random Cloud Directory password is generated for provisioned accounts.
- Optional: Select Enable password reset.
  The Enable password reset option allows users to reset their password. It enables the forgotten password feature. If you select Enable password reset, you can specify to send an email to inform the user if their account doesn't exist. The email is sent to the email address that was used to attempt the login.
- Optional: Select Username recovery.
  Select this option so that users can recover their username by providing a different attribute. You can specify whether the users must provide one or two attributes to recover their username. If the user details are valid, an email with the username information is sent to the registered email address. If you enable Username recovery, you can specify to send an email to inform the user if their account doesn't exist. The email is sent to the email address that was used to attempt the login.
- Click Save changes.
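
The note in the login identifiers step asks for attributes with unique values. The following pre-check is an added example, not IBM code: it audits an exported user list for values that would make a candidate login identifier ambiguous. The record layout, the attribute names other than userName, and the case-insensitive comparison are assumptions of this example.

```python
from collections import defaultdict

MAX_LOGIN_ATTRIBUTES = 4  # maximum stated in the procedure

# Constructed sample export; attribute names other than userName are assumptions.
SAMPLE_USERS = [
    {"userName": "asmith", "email": "a.smith@example.com", "employeeId": "1001", "mobile": "+15550100"},
    {"userName": "bjones", "email": "A.Smith@example.com ", "employeeId": "1002"},
    {"userName": "1001", "email": "c.lee@example.com", "employeeId": "1003", "mobile": "+15550101"},
]


def norm(value):
    # Assumption: identifiers are matched ignoring case and surrounding whitespace.
    return value.strip().casefold()


def audit_login_identifiers(users, candidates):
    """Find values that would make a candidate login identifier ambiguous."""
    if len(candidates) > MAX_LOGIN_ATTRIBUTES:
        raise ValueError("a maximum of four login attributes can be selected")
    owners = defaultdict(set)  # normalized value -> {(userName, attribute)}
    missing = {attr: [] for attr in candidates}
    for user in users:
        owners[norm(user["userName"])].add((user["userName"], "userName"))
        for attr in candidates:
            value = user.get(attr) or ""
            if value.strip():
                owners[norm(value)].add((user["userName"], attr))
            else:
                missing[attr].append(user["userName"])  # cannot log in with attr
    duplicates, cross_attribute = defaultdict(dict), {}
    for value, refs in owners.items():
        names = sorted({name for name, _ in refs})
        if len(names) < 2:
            continue  # value resolves to exactly one account
        attrs = {attr for _, attr in refs}
        if len(attrs) == 1:
            duplicates[attrs.pop()][value] = names  # same attribute, several users
        else:
            cross_attribute[value] = sorted(refs)  # e.g. employee ID equals a userName
    return {"duplicates": dict(duplicates), "missing": missing,
            "cross_attribute": cross_attribute}


if __name__ == "__main__":
    print(audit_login_identifiers(SAMPLE_USERS, ["email", "employeeId", "mobile"]))
```

An attribute with entries under duplicates or cross_attribute is a poor login identifier until the conflicting values are cleaned up; entries under missing are accounts that could not use that attribute to sign in.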