====== Systems with single password ======
{{tag>one single password system systems}}

**System with single password**, in CzechIdM also known as **Uniform password**, greatly simplifies login and password change for standard users across every system that is managed by the CzechIdM application. In combination with [[devel:documentation:uniform_password:password_filter_idm|password synchronization]], standard users can change their password only on their local workstation, and everything else, such as **validation** and **provisioning the password** to new systems, is processed by the **CzechIdM application**.

<note tip>Passwords can be [[devel:documentation:uniform_password:password_filter_idm|synchronized]] and then distributed to **all connected systems** that are defined in the uniform password system.</note>

The pictures below show the password change forms in CzechIdM where the **uniform password system isn't configured** (left side) and where the **uniform password is configured** (right side). On the right side there are **only two options**, which are defined **by the administrator in the Uniform system agenda**. The labels can be <wrap hi>**easy to understand** for a standard user who only wants to change a password and doesn't know anything about the company's internal systems</wrap>.

{{ :devel:documentation:uniform_password:uniform_password_01.png |}}

**Password synchronization** from Active Directory can serve as a **simple example** of how password synchronization and the uniform system are best combined.

{{ :devel:documentation:uniform_password:uniform.png|}}

The left side shows the process in IdM that uses password synchronization and uniform password:
  * the process that synchronizes the password is highlighted in green. **The process sends the password to IdM**,
  * the process in IdM, including the password synchronization itself and the uniform password behavior, is highlighted in blue. The process **receives the password request** from the system, **prepares a new password request** and **distributes the request** to all other systems including IdM itself,
  * the process highlighted in orange is password provisioning to the connected systems in IdM.

===== How it works for standard user? =====

{{:devel:documentation:uniform_password:uniform_password_04.png?400 |}}

For example, these systems exist in IdM:
  * First Active Directory,
  * Second Active Directory,
  * Open Ldap,
  * Card System,
  * Table system.

In our example, the user wants to change their password and has accounts only in these systems: First Active Directory, Open Ldap, Card System. The user initiates the password change on their own workstation and the [[devel:documentation:uniform_password:password_filter_idm|password synchronization]] feature sends the password to IdM. **In IdM, the password is validated against the password policies of each system where the user has an account**. In our case, the password is validated only against the password policies of these systems: First Active Directory, Open Ldap, Card System.

{{ :devel:documentation:uniform_password:uniform_password_05.png|}}

<wrap hi>Even if the uniform password definition includes more systems, the password is validated only against the password policies of the systems in the user's account set.</wrap>

The password change itself behaves the same way as validation: the password is changed in each system where the user has an account.

===== IdM as one of connected system =====

{{:devel:documentation:uniform_password:uniform_password_07.png?400 |}}

A standard password change allows selecting the option that changes the password through IdM: {{:devel:documentation:uniform_password:uniform_password_06.png|}}. This option is also available in uniform password. It is set by the checkbox **Change password through IdM** on the uniform password detail.

Changing the password through IdM has some advantages over other systems:
  * **checks of old passwords for match**,
  * **block login after exceeding the limit** of unsuccessful login attempts.

<note tip>If the administrator wants to validate passwords for a match in the history records, they must set CzechIdM as one of the connected systems using the checkbox.</note>

<note tip>Passwords in IdM are never stored as plaintext. They are stored as Bcrypt hashes.</note>

by kopro
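
A simplified model of the validation scope described under "How it works for standard user?", as an added example that is not CzechIdM code. The `Policy` class, its rules, the sample passwords and the all-or-nothing rejection are assumptions made for illustration; the system names come from the example above.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    """Hypothetical, simplified password policy (not CzechIdM's policy model)."""
    min_length: int
    required: tuple = ()  # regexes that must each match somewhere in the password

# Constructed sample data; system names follow the page's example.
POLICIES = {
    "First Active Directory": Policy(10, (r"[A-Z]", r"\d")),
    "Second Active Directory": Policy(16, (r"[^\w\s]",)),
    "Open Ldap": Policy(8),
    "Card System": Policy(6, (r"\d",)),
    "Table system": Policy(20),
}
UNIFORM_DEFINITION = set(POLICIES)  # uniform password defined over all five systems
USER_ACCOUNTS = {"First Active Directory", "Open Ldap", "Card System"}

def violations(password, policy):
    """List the rules of one policy that the password breaks."""
    found = []
    if len(password) < policy.min_length:
        found.append(f"shorter than {policy.min_length}")
    found += [f"missing {rx}" for rx in policy.required if not re.search(rx, password)]
    return found

def uniform_change(password, definition, accounts, policies):
    """Return (systems to provision, violations per system)."""
    # Only systems that are in the definition AND hold an account of the user count.
    scope = sorted(definition & accounts)
    errors = {s: v for s in scope if (v := violations(password, policies[s]))}
    # Assumption: a single failing policy rejects the request for every system.
    return ([] if errors else scope), errors

if __name__ == "__main__":
    for candidate in ("Summer2024x", "summer2024x"):  # constructed passwords
        print(candidate, uniform_change(candidate, UNIFORM_DEFINITION, USER_ACCOUNTS, POLICIES))
```

The first sample password is accepted although it would break the stricter policies of Second Active Directory and Table system, because the user has no account there.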