Requests for Others

As described in Enabling Password Management in IdentityIQ, the sets of Identities for which a user can make requests, as well as the types of requests available to each user, depend on the Lifecycle Manager Configuration settings that apply to that Identity. The rest of this section assumes that the logged-in user is authorized to make password requests for the Identity needing a password change.

Complete these steps to reset another user's password on an external application through IdentityIQ:

  1. From the Manage Access Quicklink, click Change Passwords and select For Others.

  2. Select the Identity for whom the password change is required.

  3. Specify the password change method:

    • Set passwords for the selected accounts: enter new passwords manually on this window

    • Synchronize passwords for selected accounts: apply a single manually entered password to all of the selected accounts (rather than entering a separate new password for each selected account)

    • Generate passwords for the selected accounts: allow system to generate new passwords

When passwords are reset for another user, the system automatically sets a flag that tells the external application to require a password reset upon initial login by the user, so whether the password is manually set or generated, the user is prompted to change it when they first sign in to the target application.

The Generate passwords for the selected accounts option can be turned on or off from the Lifecycle Manager Configuration window, Additional Options tab. Select or clear the Enable password auto-generation when requesting for others box in the Manage Password Options section.

  1. Select the application account or accounts for which the password is being changed.

  2. Enter the new password twice - once in New Password and once in Confirm Password - if prompted.

    • If Generate passwords for the selected accounts is selected, the system does not prompt for a new password.

    • If Synchronize passwords for the selected accounts is selected, the password prompting occurs one time at the top of the window above the accounts list.

    • Otherwise, each selected application account has a set of password prompt boxes.

  1. Click Submit at the bottom of the window to submit all password changes.

If the entered passwords do not match or if the password does not meet the requirements of the application's password policy, an error message is displayed on this window and the password values must be reentered before the requested changes can be successfully be submitted.

  1. A summary of the requested changes is displayed on the next window. If the password is a generated password, the password is displayed in the Password column. If it was manually entered, it is represented with ***** in that column. Review this summary and click Submit (or click Cancel or Make Additional Changes if the changes noted in the summary do not match the desired changes). Individual line items can be deleted from this window by clicking the icon on any row. Comments can be added to any of the change records by clicking the icon in the Add Comments column. These comments are stored on the IdentityRequest object, which can be accessed later through the access request pages.

The password reset only occurs if all requested changes can be made successfully. If the password reset fails, an error message is displayed at the top of the page indicating the failure.