Setting a password when a user is created
We can enable a password to be generated and set for a user automatically at the time the user is created.
For the collected password to be set to auto-provisioned accounts, the following criteria must be met.
- An automatic entitlement that entitles the user to the account must exist.
- An account default for erpassword must exist at the service or service type level.
This option is intended to enable prompting for a password when creating users through the user interface. By default, IBM Security Identity Manager satisfies these criteria for IBM Security Identity Manager Server login accounts. A user that is created through the user interface is automatically provisioned an Security Identity Manager Server account with a known password. The password is entered at the time of user creation.
The system property for setting the password on a user during the user creation is configured for use during auto-provisioning of Security Identity Manager accounts only. When enabled, the "Set password on user..." system property gathers a password during user creation and stores it in the user record.. Also provided is an account default for the ITIM Service service type that sets erpassword during auto-provisioning to the value stored in the person record. We can configure another service to use this property by enabling the service for auto-provisioning and adding the necessary account default. Use the following account default script:
subject.getAndDecryptPersonPassword();If auto-provisioning is disabled, or if the account default is removed, disable the Set password on user during user creation property.Procedur.
To enable a password to be generated and set for a user at the time the user is created...
Procedure
- From the navigation tree, select Set System Security > Set Security Properties.
- Select the Set password on user during user creation check box, and click OK.
- On the Success page, click Close.
Parent topic: Password administration