This shows you the differences between two versions of the page.
Both sides previous revision
Previous revision
|
Next revision
Both sides next revision
|
devel:documentation:identities [2019/04/10 07:50] kopro [Admin guide] |
devel:documentation:identities [2019/04/10 07:52] kopro password information |
| |
When identity starts to be valid (some of their contract starts to be valid) and identity has account at least on one target system, then new password is [[.architecture:dev:events#identitysetpasswordprocessor|generated]] and changed on all identity's accounts => identity will have the same password in all accounts. Notification (see ''acc:newPasswordAllSystems'' template) is send to identity about new password on which accounts were changed. | When identity starts to be valid (some of their contract starts to be valid) and identity has account at least on one target system, then new password is [[.architecture:dev:events#identitysetpasswordprocessor|generated]] and changed on all identity's accounts => identity will have the same password in all accounts. Notification (see ''acc:newPasswordAllSystems'' template) is send to identity about new password on which accounts were changed. |
| |
| ===== Password ===== |
| |
| In CzechIdM is user password stored in Bcrypt hash function. User can change password only when own permission ''IDENTITY\_PASSWORDCHANGE'' for the given identity. Password contains also another metadata like valid till, valid from, unsuccessful attempts, block login date, last successful login and etc. For password is also possible set flag **Password never expires**. This flag disable filling valid till. Password never expires and another attributes for password like valid till, is possible set via agenda information about password that is accessible via identity detail and password agenda. For update these attributes you will need permission ''PASSWORD\_UPDATE'' and ''PASSWORD\_READ'' |
| |
| |
====== Time slices of contracts ====== | ====== Time slices of contracts ====== |