Force newly created users to change their password on first login in CA Identity Manager

Document ID : KB000010547
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

This PX Policy is helpful for your environment if you provide users with a default password when they're created in Identity Manager. The users will be able to log in for the first time with the default password you create for them, and then they will be prompted to change it to whatever they choose. This is done by setting the DisabledState of your newly hired users to 16777216. 

Instructions:

Here is the most basic form of the PX Policy. It can be modified to fit your needs, such as adding entry rules or changing the event on which the PX Policy executes. 

 

2017-10-05 14_48_46-Identity Manager _ Create Policy Xpress Policy.jpg

2017-10-05 14_49_26-Identity Manager _ Create Policy Xpress Policy_ Disabled State 16777216.jpg

2017-10-05 14_50_34-Identity Manager _ Create Policy Xpress Policy_ Disabled State 16777216.jpg

2017-10-05 14_50_45-Identity Manager _ Create Policy Xpress Policy_ Disabled State 16777216.jpg

Once this PX Policy is in place, after every instance of the CreateUserEvent the new user will have their DisabledState value changed to 16777216 (default is 0). This 16777216 flag forces users to change their password next time they log in.