Differences
This shows you the differences between two versions of the page.
devel:documentation:uniform_password:uniform_password [2020/08/31 07:22] kopro created |
devel:documentation:uniform_password:uniform_password [2020/09/07 14:05] (current) kopro add documentation for uniform password system |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Uniform password ====== | + | ====== |
+ | {{tag> | ||
+ | |||
+ | **System with single password**, in CzechIdM also know as **Uniform password**, very simplifies standard user login and change password trough every systems that is managed by CzechIdM application. Combination with [[devel: | ||
+ | |||
+ | <note tip> | ||
+ | |||
+ | Pictures below shows different password change forms in CzechIdM where **isn' | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | |||
+ | **Password synchronization** from Active Directory can be used as **simple example** for best combination password synchronization and uniform system. | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | On the left side is shown process in IdM that use password synchronization and uniform password: | ||
+ | |||
+ | * The process that synchronizes password is highlighted with green color. **Process sends password to IdM**, | ||
+ | * process in IdM including password synchronization itself and uniform password behavior is highlighted with blue color. The process **receives password request** from the system and **prepare new password request** and **distributes the request** to all other systems including IdM itself, | ||
+ | * process highlighted with orange color is password provisioning | ||
+ | |||
+ | ===== How it works for standard user? ===== | ||
+ | |||
+ | {{: | ||
+ | |||
+ | For example if user has these accounts on the systems: | ||
+ | |||
+ | |||
+ | In IdM exists these systems: | ||
+ | * First Active Directory, | ||
+ | * Second Active Directory, | ||
+ | * Open Ldap, | ||
+ | * Card System, | ||
+ | * Table system. | ||
+ | |||
+ | In our example user wants change password and has accounts only in these systems: First Active Directory, Open Ldap, Card System. | ||
+ | |||
+ | User initialize password change on his own workstation and feature [[devel: | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | <wrap hi>Even the definition of uniform password define more systems the password will be validated only password policies for user's account set.</ | ||
+ | |||
+ | Same behavior as validation has also password change itself. Password will be changed for each system where has user his account. | ||
+ | |||
+ | |||
+ | ===== IdM as one of connected system ===== | ||
+ | |||
+ | {{: | ||
+ | |||
+ | On standard password change is allowed select option that change password through IdM: {{: | ||
+ | |||
+ | Change password through IdM has some advantages over other systems: | ||
+ | * **checks of old passwords for match**, | ||
+ | * **block login after exceeding the limit** of unsuccessful login attempts. | ||
+ | |||
+ | <note tip>If administrator wants validate passwords for match in history records, they must set CzechIdM as one of connected systems by checkbox.</ | ||
+ | |||
+ | <note tip> | ||
+ | |||
+ | |||
+ | |||
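Review bot: The highlighted sentence in the "How it works for standard user?" section ("Even the definition of uniform password define more systems the password will be validated only password policies for user's account set.") does not parse, and it carries the key rule of that section: which password policies are enforced. Going by the example above it and the sentence after it about the change itself, suggest "Even if the uniform password definition contains more systems, the password is validated only against the password policies of the systems where the user has an account." In the "IdM as one of connected system" section, the list names two advantages of changing the password through IdM, but the note below it only says that history validation requires CzechIdM to be set as a connected system by checkbox; please state whether blocking login after unsuccessful attempts depends on the same checkbox. Minor wording in the intro paragraph: "also know as" should be "also known as", and "trough every systems" should be "through every system".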