0 votes

We are looking for a tool that can support a blacklist for password resets and that will enforce this blacklist to certain OU groups but not others, or potentially use a whitelist of users that it will not be enforced upon.

by (250 points)
0

Hello,

Do we understand correctly that you need to disallow using specific passwords? If that is correct, you can use a Business Rule triggering Before resetting password of a user. The rule will validate the entered password against predefined values and cancel the password reset if there is a match found. The Business Rule will be effective only for users located in the containers/OUs specified in the Activity Scope. If this approach meets your needs, please, provide us with all the possible details regarding the desired validation and we will get back to you with detailed instructions.

If this is not what you meant, please, provide us with all the possible details regarding the desired behavior.

0

How big can the list of predefined values be?

0

Hello,

There are no limits. You will just need to predefine the values that are not allowed for passwords. Additionally, if you want to disallow some property values (e.g. including usernames into passwords), you will not need to specify all existing values, instead, you can use value references.

Please log in or register to answer this question.

Related questions

0 votes
1 answer

I am trying to see if I can implement this in Adaxes somehow to support role-based provisioning to external apps (using appropriate Powershell scripts) but struggling to work ... to invest in a full-blown role-based provisioning platform (would rather not!).

asked Dec 24, 2019 by Bernie (1.6k points)
0 votes
0 answers

I'd like to implement an architecture whereby all Domain Users can request membership in any domain security group. I'd also like to allow the OU Owners to have ... from their groups without granting them the ability to remove users from all security groups?

asked Mar 25 by sirslimjim (650 points)
0 votes
1 answer

When we deprovision a user the member of groups are deleted and the power shell scrips only runs as removing all memberships. I can't see what was removed. Is there a scrips I can run prior to removing those memberships that will e-mail what they are?

asked Oct 15, 2019 by meyerm (280 points)
0 votes
1 answer

hello, since the update in 2011.3, I can not connect to the web portal with a user account from another domain. below the error after connecting:

asked Nov 22, 2011 by mmichard (3.7k points)
+1 vote
1 answer

We set up a new hire form that has serveral custom text attributes that include pay rate, etc. These fields are routed to the correct departments via a PowerShell ... Is there anyway to prevent certain attributes from displaying in the approver request email?

asked Jan 8 by dhuffman (460 points)
2,135 questions
1,900 answers
5,319 comments
3,535 users