Differences

This shows you the differences between two versions of the page.

devel:documentation:uniform_password:uniform_password [2020/08/31 07:22]
kopro created
devel:documentation:uniform_password:uniform_password [2020/09/07 14:05] (current)
kopro add documentation for uniform password system
Line 1: Line 1:
-====== Uniform password ======+====== Systems with single password ====== 
 +{{tag>one single password system systems}} 
 + 
 +**System with single password**, in CzechIdM also know as **Uniform password**, very simplifies standard user login and change password trough every systems that is managed by CzechIdM application. Combination with [[devel:documentation:uniform_password:password_filter_idm|password synchronization]] can standard users change password only on their local workstation and everything else, like **validation** and **provisioning password** to new systems, will be processed by **CzechIdM application**. 
 + 
 +<note tip>Passwords can be [[devel:documentation:uniform_password:password_filter_idm|synchronize]] and then distributed to **all connected system** that are defined in uniform password system.</note> 
 + 
 +Pictures below shows different password change forms in CzechIdM where **isn't configured uniform password system** (left side) and CzechIdM **where is uniform password configured** (right side). In the right side is **only two options** that is defined **by Administrator in Uniform system agenda**. The labels can be <wrap hi>**easy to understand** for standard user that want change only password and don't know anything about some inner systems in company</wrap>
 + 
 +{{ :devel:documentation:uniform_password:uniform_password_01.png |}} 
 + 
 + 
 +**Password synchronization** from Active Directory can be used as **simple example** for best combination password synchronization and uniform system. 
 + 
 +{{ :devel:documentation:uniform_password:uniform.png|}} 
 + 
 +On the left side is shown process in IdM that use password synchronization and uniform password: 
 + 
 +  * The process that synchronizes password is highlighted with green color. **Process sends password to IdM**, 
 +  * process in IdM including password synchronization itself and uniform password behavior is highlighted with blue color. The process **receives password request** from the system and **prepare new password request** and **distributes the request** to all other systems including IdM itself, 
 +  * process highlighted with orange color is password provisioning  to connected system in IdM.. 
 + 
 +===== How it works for standard user? ===== 
 + 
 +{{:devel:documentation:uniform_password:uniform_password_04.png?400 |}} 
 + 
 +For example if user has these accounts on the systems: 
 + 
 + 
 +In IdM exists these systems: 
 +  * First Active Directory, 
 +  * Second Active Directory, 
 +  * Open Ldap, 
 +  * Card System, 
 +  * Table system. 
 + 
 +In our example user wants change password and has accounts only in these systems: First Active Directory, Open Ldap, Card System.  
 + 
 +User initialize password change on his own workstation and feature [[devel:documentation:uniform_password:password_filter_idm|password synchronization]] send the password to IdM. **In IdM will be password validation for password policies for each system where has user his account**. In our case will be password validation only trough password policies from these systems: First Active Directory, Open Ldap, Card System. 
 + 
 +{{ :devel:documentation:uniform_password:uniform_password_05.png|}} 
 + 
 +<wrap hi>Even the definition of uniform password define more systems the password will be validated only password policies for user's account set.</wrap> 
 + 
 +Same behavior as validation has also password change itself. Password will be changed for each system where has user his account. 
 + 
 + 
 +===== IdM as one of connected system ===== 
 + 
 +{{:devel:documentation:uniform_password:uniform_password_07.png?400 |}} 
 + 
 +On standard password change is allowed select option that change password through IdM: {{:devel:documentation:uniform_password:uniform_password_06.png|}}. This option is also available in uniform password. The option is set by checkbox **Change password through IdM** on uniform password detail. 
 + 
 +Change password through IdM has some advantages over other systems: 
 +  * **checks of old passwords for match**, 
 +  * **block login after exceeding the limit** of unsuccessful login attempts. 
 + 
 +<note tip>If administrator wants validate passwords for match in history records, they must set CzechIdM as one of connected systems by checkbox.</note> 
 + 
 +<note tip>Passwords in IdM are never stored as plaintext. For stored is used Bcrypt cipher.</note> 
 + 
 + 
 + 
  
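Review bot: In the last note tip, "For stored is used Bcrypt cipher" describes bcrypt as a cipher, but bcrypt is a one-way password hashing function, so the sentence should say that only a bcrypt hash is stored, for example "Passwords in IdM are never stored as plaintext; only a bcrypt hash of the password is stored." Because the same page says the synchronized password is sent to IdM and then distributed to the connected systems, it is worth making clear that this note is about IdM's own stored copy, and adding a pointer to where handling of the password during synchronization and provisioning is documented. Smaller points: under "How it works for standard user?" the sentence "For example if user has these accounts on the systems:" is followed by nothing and should either get its list or be dropped; the highlighted sentence starting "Even the definition of uniform password define more systems" is hard to parse and could be reworded along the lines of the paragraph before it; and there are typos to fix ("also know as", "trough" in two places, and the doubled period after "connected system in IdM").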
  • by kopro