User passwords provided by an identity feed

Encryption by the directory server prevents IBM Verify Identity Governance from using the userPassword attribute in the inetOrgPerson schema to provide user password data in an inetOrgPerson identity feed from LDAP or a Windows Server Active Directory identity feed.

Other identity feeds that use CSV, DSML, or IBM® Security Directory Integrator-based formats can provide a password for a new user. Given the identity feed value, IBM Verify Identity Governance uses the erPersonPassword attribute to create a password for a new user's IBM Verify Identity Governance account. The erPersonPassword attribute is used only to create a password for a new IBM Verify Identity Governance user. If the user exists, the value of the erPersonPassword attribute cannot be used to change the IBM Verify Identity Governance user's login password.

In any identity feed where the erPersonPassword attribute is not provided, IBM Verify Identity Governance generates a new password for a new user. The application sends the generated password by email to the new user. If the email address of the user is not populated, the user must contact the help desk to obtain a password. Depending on your site requirements, the new user's password might also be sent to the user's manager.

The password value that IBM Security Directory Integrator provides must be encoded in base64 format.

These identity feed attributes provide a value in clear text that is the password for a new user:

  • CSV column name: erPersonPassword
  • DSML tag: erPersonPassword
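
The following pre-flight check for a CSV feed is an added example, not IBM code: it reports how each row's initial password would be handled under the rules above and which rows carry a clear-text password. The uid, cn, sn and mail column names, the existing_uids parameter, the outcome labels and the UTF-8 encoding are assumptions; only erPersonPassword comes from this page.

```python
import base64
import csv
import io

# Constructed sample feed. Only erPersonPassword comes from the page; the
# uid, cn, sn and mail columns are assumed inetOrgPerson-style names.
SAMPLE_FEED = """uid,cn,sn,mail,erPersonPassword
jdoe,Jane Doe,Doe,jdoe@example.com,Initial#Pass1
bsmith,Bob Smith,Smith,bsmith@example.com,
cwong,Carol Wong,Wong,,
akhan,Amir Khan,Khan,akhan@example.com,Another#Pass2
"""

def classify_feed(feed_text, existing_uids=()):
    """Return {uid: outcome} describing how each row's password is handled."""
    outcomes = {}
    for row in csv.DictReader(io.StringIO(feed_text)):
        uid = row["uid"]
        password = (row.get("erPersonPassword") or "").strip()
        mail = (row.get("mail") or "").strip()
        if uid in existing_uids:
            # erPersonPassword cannot change an existing user's login password.
            outcomes[uid] = "ignored-existing-user" if password else "existing-user"
        elif password:
            outcomes[uid] = "feed-supplied"  # clear text sits in the feed file
        elif mail:
            outcomes[uid] = "generated-and-emailed"
        else:
            outcomes[uid] = "generated-help-desk"  # no address to send it to
    return outcomes

def cleartext_password_rows(feed_text):
    """List uids whose rows carry a clear-text password, for file-handling review."""
    return [r["uid"] for r in csv.DictReader(io.StringIO(feed_text))
            if (r.get("erPersonPassword") or "").strip()]

def encode_for_sdi(password):
    """Base64-encode a password for a Directory Integrator-based feed.
    Base64 is an encoding, not encryption; the value is trivially reversible.
    UTF-8 as the byte encoding is an assumption."""
    return base64.b64encode(password.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    for uid, outcome in classify_feed(SAMPLE_FEED, existing_uids={"akhan"}).items():
        print(f"{uid}: {outcome}")
    print("rows with clear-text passwords:", cleartext_password_rows(SAMPLE_FEED))
    print("SDI value:", encode_for_sdi("Initial#Pass1"))
```

Rows reported as feed-supplied or ignored-existing-user mean the feed file itself holds usable or stale credentials, so its storage permissions, transfer channel and retention need the same protection as any other password store.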