| Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
devel:documentation:uniform_password [2020/08/31 14:22]
kopro Copy from release notes |
devel:documentation:uniform_password [2021/03/23 14:24] (current)
svandav [Uniform password for new accounts] |
| <- .:systems | Systems ^ .:start | Documentation ^ .:accounts | Accounts -> | <- .:wizards| ^ .:start | Documentation ^ .:accounts | Accounts -> |
| | {{tag>synchronization password filter passwordfilter echo echos uniform password system systems one password}} |
| |
| ====== Uniform password system ====== | ====== Password synchronization ====== |
| |
| <note important>In progress</note> | |
| |
| ===== Password filter in IdM ===== | |
| |
| Since version 10.5.0 CzechIdM supports password validation request and change request from [[https://docs.microsoft.com/en-us/windows/win32/secmgmt/password-filters|Active Directory password filter components]]. CzechIdM solve cycling calling and pretends the cycles from password filter calling with new ECHO system that catch these cycles from IdM ↔ AD. Password filter can be setup for all system has mapping for identity and support password changed. For echos can be set interval (timeout). The interval marks how log will be echo record valid. Next settings is transformation script for find identity in IdM by given identifier from password filter. More about whole [[devel:documentation:uniform_password:password_filter_idm|functionality can be found there]]. | ===== Password synchronization from external system to IdM ===== |
| | {{ :devel:documentation:uniform_password:pf001.png?400|}} |
| |
| ===== Uniform password ===== | Since version **10.5.0** CzechIdM allows **synchronize password from external system**. Passwords can be synchronized for example from [[https://en.wikipedia.org/wiki/Active_Directory|Active Directory]]. Password synchronization very helps standard users because they **don't need change their password on every system that they use separately**. They just simple change password on their own workstation. External system sends the password change request to IdM and IdM will take care of the rest of the password change process -> **distribution password to next system** like AD, Open Ldap, Card system, ... . |
| Uniform password definition simplify password change form for basic CzechIdM users and always enforces that password will be changed trough systems in defined uniform password system. The combination with password filter is uniform system powerful tool that allow one password trough all connected system in IdM. More about [[devel:documentation:uniform_password:uniform_password|password uniform system can be found there]]. | |
| | CzechIdM solve cycle calling and prevents the cycles from password synchronization and classic password change with the new ECHO system. |
| | |
| | More about the [[devel:documentation:uniform_password:password_filter_idm|password synchronization can be found there]]. |
| | |
| | |
| | ===== One password trough all connected systems ===== |
| | |
| | {{ :uniform_password.png?400|}} |
| | |
| | The feature **uniform password** simplify password change form for basic CzechIdM users and always enforces that password will be changed trough systems in defined uniform password definition. |
| | |
| | The combination with password synchronization is uniform password powerful tool that allow one password trough all connected system in IdM. |
| | |
| | More about [[devel:documentation:uniform_password:uniform_password|one password trough all systems can be found there]]. |
| | |
| | |
| | ===== Password filter - dll library ===== |
| | Password filter is a useful [[https://en.wikipedia.org/wiki/Active_Directory|Active Directory]] extension which provides a manner for common MS Windows users to change their password by a standard way such as (ctrl + alt + del) and have this new password propagated to IdM. Depending on the IdM configuration, the new password may be propagated into other related systems and thus maintain unified password on them. An integral part is also validation, if the new password meets all password policies. |
| | More about [[devel:documentation:uniform_password:password_filter_dll| password filter dll library for AD can be found there]] |
| | |
| | ===== Uniform password for new accounts ===== |
| | {{tag>uniform password common account create}} |
| | The main goal of a uniform password for new accounts is to ensure that new identities will have the same password in newly created accounts. |
| | |
| | More about this you can found [[.:adm/uniform_password| here]]. |
| |
| {{ :uniform_password.png |}} | |