Creating a password policy

An administrator can create a password policy for use with one or more services. For example, you might create a password policy that specifies a rule that a character can be repeated no more than three times in a password.

Before you begin

Depending on how your system administrator customized your system, you might not have access to this task. To obtain access to this task or to have someone complete it for you, contact your system administrator.

Before you create a password policy, create one or more service instances to associate with the password policy. If your policy uses a dictionary of unwanted terms, also create and import the dictionary file.

About this task

Even if a password policy exists for all services, other policies can still be added. However, only a single password policy can be specified for each service type or each instance of a service type. A password policy can exist for a service type while separate password policies exist for individual instances of that service type. The most specific password policy overrides all others (for example, a password policy for a Windows service instance overrides a password policy for the Windows service).

Procedure

  1. From the navigation tree, select Manage Policies > Manage Password Policies.
  2. On the Select Password Policies page, in the Password Policies table, click Create.
  3. On the Manage Password Policies page, on the General page, type a name and select a business unit for your password policy.
    Optionally, you can add information about the scope of the policy, its status, keywords, a caption, and a description for the password policy.
  4. Click the Targets page, and then choose to add all service types or choose one or more specific services to associate with the policy.
    To add one or more services, complete these steps:
    1. Click Add.
    2. On the Add Targets page, type your search criteria, and then click Search.
    3. In the Services table, select one or more services.
    4. Click OK.
    Note: You can also select a service type as the target for the password policy by setting the target type to Service Type.
  5. On the Manage Password Policies page, click the Rules page. Specify the settings for the password rules that you want to use to determine whether a password entry is valid.
    Note: If password synchronization is enabled, ensure that password policies do not have any conflicts. When password synchronization is enabled, IBM Verify Identity Governance combines policies for all accounts that are owned by the user to determine the password to be used. If conflicts between password policies occur, the password might not be set.
  6. Click OK to save the changes.
  7. On the Success page, click Close.
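
The override order described under About this task and the synchronization note in step 5 can be checked offline before policies are saved. The following Python is an added example, not IBM code: the rule names (min_length, max_length, max_repeated, min_digits, disallowed), the strictest-value merge, and the sample policies are assumptions made for illustration and do not reflect the product's schema or algorithm.

```python
# Added example: rule names and merge logic are assumptions, not the product's.
from dataclasses import dataclass
import string

@dataclass(frozen=True)
class Policy:
    name: str
    min_length: int = 0
    max_length: int = 128
    max_repeated: int = 128            # most times one character may appear
    min_digits: int = 0
    disallowed: frozenset = frozenset()

def effective_policy(instance, service_type, policies):
    """Most specific target wins: instance, then service type, then all services."""
    for key in (("instance", instance), ("type", service_type), ("all", None)):
        if key in policies:
            return policies[key]
    return None

def combine(pols):
    """Merge the policies of all accounts a user owns, keeping the strictest value."""
    return Policy(
        name=" + ".join(p.name for p in pols),
        min_length=max(p.min_length for p in pols),
        max_length=min(p.max_length for p in pols),
        max_repeated=min(p.max_repeated for p in pols),
        min_digits=max(p.min_digits for p in pols),
        disallowed=frozenset().union(*(p.disallowed for p in pols)),
    )

def conflicts(p):
    """Return reasons why no password can satisfy the combined policy."""
    found = []
    if p.min_length > p.max_length:
        found.append(f"min_length {p.min_length} > max_length {p.max_length}")
    if p.min_digits > len(set(string.digits) - p.disallowed) * p.max_repeated:
        found.append(f"min_digits {p.min_digits} cannot be met with allowed digits")
    return found

# Constructed sample policies (names and values are hypothetical).
POLICIES = {
    ("all", None): Policy("default", min_length=8),
    ("type", "Windows"): Policy("windows-type", 12, max_repeated=3, min_digits=1),
    ("instance", "win-hr"): Policy("win-hr", 14, max_repeated=3, min_digits=2),
    ("instance", "mainframe"): Policy("mainframe", max_length=8,
                                      disallowed=frozenset(string.digits)),
}
def check_user(accounts):          # accounts: (instance, service type) pairs of one user
    return conflicts(combine([effective_policy(i, t, POLICIES) for i, t in accounts]))
```

A user who owns accounts on both the hypothetical win-hr and mainframe services gets two conflicts from check_user, which is the situation in which a synchronized password might not be set.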