Password Services and Policies

Password Services provide an additional layer of security to protected resources. Password Services uses a forms credential collector (FCC) and customizable HTML forms to manage user passwords in:
sm1252sp1
Password Services
Password Services provide an additional layer of security to protected resources. Password Services uses a forms credential collector (FCC) and customizable HTML forms to manage user passwords in:
  • A user directory
  • Part of a user directory
Password Policies
You use password policies to manage user passwords and to, optionally, enable user–initiated password changes.
  • Password policies define rules and restrictions that govern the following:
    • password expiration
    • composition
    • usage
    You can apply multiple password policies to all or part of a user directory.
    CA Single Sign-On
    applies the policies according to the priorities you specify for each.
  • CA Single Sign-On
     invokes a password policy when a user attempts to access a protected resource and evaluates the credentials of the user. If the policy determines that the password is expired, 
    CA Single Sign-On
     can:
    • Disable the user account to prevent unauthorized access. If disabled, a 
      CA Single Sign-On
       administrator must re–activate the account.
    • Force the user to change the password.
You can use password policies to enforce password composition rules without administrative intervention. Password Services lets you:
  • Force users to change a password at time you specify.
  • Enable user–initiated password changes.
This section contains the following topics: