erTenant

erTenant

The erTenant class defines properties based on a tenant, such as the ou if passwords can be edited or lost passwords can be mailed. The parent class is top.
Attribute name Description Enter

ou Organization unit that contains this tenant. This attribute is required. directory string

erIsActive Indicates whether this tenant is active. This attribute is required. Boolean

description Description of tenant. directory string

erPswdEditAllowed Indicates whether passwords might be set (true) or generated (false). This attribute is required. Boolean

erLostPswdByMail Indicates whether passwords can be mailed to a user for this tenant. This attribute is required. Boolean

erBucketCount Hash bucket number. This attribute is required. integer

erLastModifiedTime Time the tenant was last modified (attributes). directory string

erPswdExpirationPeriod Number of days after which the password becomes expired. When the user tries to access the system after the password expires, the user is forced to change the password. When this value is set to 0, the password does not expire. integer

erPswdTransactionExpPeriod Number of hours after which the transaction to retrieve an account password expires. The password is typically retrieved with the URL link provided in an email message from the system. When this value is set to 0, the URL link does not expire. integer

erLogonCount Number of invalid login attempts that the user can have before the user account is suspended. When this value is set to 0, the user can attempt to access the system without limit, and the system does not suspend the account. integer

erResponseEnable Attribute for enabling or disabling the password challenge and response feature. When this attribute is set to TRUE, the user can use the Forgot Your Password link to enter the system by providing correct answers to the password challenge and response questions. Boolean

erResponseDescription Message on the login page when the user account is suspended after the user
Tries to log in to the system too many times.
Fails to respond correctly to the password challenge and response questions.
directory string

erResponseEmail Message emailed to the administrator responsible for user accounts suspended when the user fails to access the system in the defined number of tries. directory string

erChallengeMode Password Challenge Response mode. The following modes are available:
PRE-DEFINED: When this mode is selected, the user must correctly answer all the challenge questions defined by the system administrator to access the system.
USER-SELECTED: When this mode is selected, the user must correctly answer the challenge questions selected when the challenge/response feature for the account was configured. The challenge questions are selected from a defined list.
RANDOM-SELECTED: When this mode is selected, the user must correctly answer the challenge questions selected by the system. The challenge questions are randomly selected from a defined list.
directory string

erRequiredChallenges Number of challenges to which the user must correctly respond to access the system when the password is forgotten. integer

erRandomChallenges Number of challenges available from which the system can select for password challenge and response questions to users who forgot their passwords. integer

erHashedEnabled Not used. Boolean

erRespLastChange Timestamp of when the administrator last changed the Password Challenge/Response configuration. generalized time

erChallengeDefMode Definition mode for lost password challenge response. Possible values are:
Admin Defined (0.
User Defined (1.
integer

erPswdSyncAllowed Attribute for enabling and disabling password synchronization for user accounts. Boolean

erNonComplianceAction Compliant action for accounts of the service. Possible values are:
Mark NonCompliant (0.
Suspend NonCompliant (1.
Correct NonCompliant (2.
Use Workflow (3.
integer

erAlertOption Option settings for when the compliance alert is triggered. Possible values are:
Reconciliation (0.
Policy change (1.
Person data change (2.
Account data change (3.
integer

erShowGenPwd¹ Indicates whether the generated password is displayed on the screen. Boolean

erPwdEnabled² Indicates whether password is enabled. Boolean

erAutoGroupMembershipEnabled² Indicates whether automatic group membership of certain ISIM accounts is enabled. Boolean

¹ Indicates the attribute is added in release 4.6 Express .
² Indicates the attribute value is added in release 5.0.
Parent topic: General classes

Attribute name	Description	Enter
ou	Organization unit that contains this tenant. This attribute is required.	directory string
erIsActive	Indicates whether this tenant is active. This attribute is required.	Boolean
description	Description of tenant.	directory string
erPswdEditAllowed	Indicates whether passwords might be set (true) or generated (false). This attribute is required.	Boolean
erLostPswdByMail	Indicates whether passwords can be mailed to a user for this tenant. This attribute is required.	Boolean
erBucketCount	Hash bucket number. This attribute is required.	integer
erLastModifiedTime	Time the tenant was last modified (attributes).	directory string
erPswdExpirationPeriod	Number of days after which the password becomes expired. When the user tries to access the system after the password expires, the user is forced to change the password. When this value is set to 0, the password does not expire.	integer
erPswdTransactionExpPeriod	Number of hours after which the transaction to retrieve an account password expires. The password is typically retrieved with the URL link provided in an email message from the system. When this value is set to 0, the URL link does not expire.	integer
erLogonCount	Number of invalid login attempts that the user can have before the user account is suspended. When this value is set to 0, the user can attempt to access the system without limit, and the system does not suspend the account.	integer
erResponseEnable	Attribute for enabling or disabling the password challenge and response feature. When this attribute is set to TRUE, the user can use the Forgot Your Password link to enter the system by providing correct answers to the password challenge and response questions.	Boolean
erResponseDescription	Message on the login page when the user account is suspended after the user Tries to log in to the system too many times. Fails to respond correctly to the password challenge and response questions.	directory string
erResponseEmail	Message emailed to the administrator responsible for user accounts suspended when the user fails to access the system in the defined number of tries.	directory string
erChallengeMode	Password Challenge Response mode. The following modes are available: PRE-DEFINED: When this mode is selected, the user must correctly answer all the challenge questions defined by the system administrator to access the system. USER-SELECTED: When this mode is selected, the user must correctly answer the challenge questions selected when the challenge/response feature for the account was configured. The challenge questions are selected from a defined list. RANDOM-SELECTED: When this mode is selected, the user must correctly answer the challenge questions selected by the system. The challenge questions are randomly selected from a defined list.	directory string
erRequiredChallenges	Number of challenges to which the user must correctly respond to access the system when the password is forgotten.	integer
erRandomChallenges	Number of challenges available from which the system can select for password challenge and response questions to users who forgot their passwords.	integer
erHashedEnabled	Not used.	Boolean
erRespLastChange	Timestamp of when the administrator last changed the Password Challenge/Response configuration.	generalized time
erChallengeDefMode	Definition mode for lost password challenge response. Possible values are: Admin Defined (0. User Defined (1.	integer
erPswdSyncAllowed	Attribute for enabling and disabling password synchronization for user accounts.	Boolean
erNonComplianceAction	Compliant action for accounts of the service. Possible values are: Mark NonCompliant (0. Suspend NonCompliant (1. Correct NonCompliant (2. Use Workflow (3.	integer
erAlertOption	Option settings for when the compliance alert is triggered. Possible values are: Reconciliation (0. Policy change (1. Person data change (2. Account data change (3.	integer
erShowGenPwd¹	Indicates whether the generated password is displayed on the screen.	Boolean
erPwdEnabled²	Indicates whether password is enabled.	Boolean
erAutoGroupMembershipEnabled²	Indicates whether automatic group membership of certain ISIM accounts is enabled.	Boolean