0 votes

We are looking for a tool that can support a blacklist for password resets and that will enforce this blacklist to certain OU groups but not others, or potentially use a whitelist of users that it will not be enforced upon.

by (20 points)
0

Hello,

Do we understand correctly that you need to disallow using specific passwords? If that is correct, you can use a Business Rule triggering Before resetting password of a user. The rule will validate the entered password against predefined values and cancel the password reset if there is a match found. The Business Rule will be effective only for users located in the containers/OUs specified in the Activity Scope. If this approach meets your needs, please, provide us with all the possible details regarding the desired validation and we will get back to you with detailed instructions.

If this is not what you meant, please, provide us with all the possible details regarding the desired behavior.

0

How big can the list of predefined values be?

0

Hello,

There are no limits. You will just need to predefine the values that are not allowed for passwords. Additionally, if you want to disallow some property values (e.g. including usernames into passwords), you will not need to specify all existing values, instead, you can use value references.

0

Hi, I would dearly want to know how to configure this rule also as so far on the business rule, the options after choosing the action of 'resetting password' is currently limited.

Many thanks,

0

Hello Stevie,

The business rule will look like the below. image.png The script in the rule will get values from a file and check the user password against the values. If certain conditions are not met, the script will cancel user password reset. If you have issues writing the script yourself, please, describe the exact desired behavior in all the possible details with live examples. Also, please, post here a screenshot or send us (support@adaxes.com) a sample of the file. The easiest way is to have a CSV file with just a single column.

0

Thank you for your quick response. Do i have to create the script myself or is there a default set of scripts to select from somewhere?

0

Hello Stevie,

There is no exact script in our repository, but the following one might be helpful: https://www.adaxes.com/script-repository/verify-complexity-requirements-for-user-password-s155.htm. As we mentioned above, if you have issues writing the script yourself, please, provide the requested details and we will help you.

0

Thanks for the steer, I will try and put one together and let you know how i get on.

0

One more question, will this only work if the users password is reset through the Adaxes portal or will it work when a user resets it via ctrl,alt & delete?

0

Hello Stevie,

It will only work when a user password is reset via Adaxes. If any other tools are used for the reset, the business rule will not trigger. This behavior is by design and cannot be changed.

Please log in or register to answer this question.

Related questions

0 votes
1 answer

When a new user account is created by copying an existing one, is it possible to prevent the new account from becoming a member of security groups in a specific OU (when the ... same way as the account being added to the group, which I need for audit purposes.

asked Sep 28, 2020 by markcox (70 points)
0 votes
1 answer

The account is configured with the user's email address as its name and the icon says third party.

asked Aug 19, 2021 by bsteele (90 points)
0 votes
1 answer

Where are the result options located for Reports? I have several admins that do a All Users report search then click on the User Name, from the Menu on the left ... the user does not have the option to select these options. Standard Password Configuration:

asked Sep 2, 2020 by dknapp (100 points)
0 votes
1 answer

I am trying to see if I can implement this in Adaxes somehow to support role-based provisioning to external apps (using appropriate Powershell scripts) but struggling to work ... to invest in a full-blown role-based provisioning platform (would rather not!).

asked Dec 24, 2019 by Bernie (310 points)
3,326 questions
3,025 answers
7,724 comments
544,678 users