User password change is not propagated to end point

Document ID : KB000027242
Last Modified Date : 14/02/2018


When a user changes his/her password in Identity Manager, the change is not propagated to end point accounts. The password change is made to the Identity Manager user store and the Global User. However, when the administrator (superuser) changes the password, the change does get propagated to the end point accounts.



This document applies to CA Identity Manager 12.5.x and 12.6.x



There are two ways to resolve this: through Event configuration, or through Corporate/Provisioning directory configuration.


Event configuration:

  1. Select Admin Roles, Modify Admin Task in the Identity Manager User Console.
  2. Search for and select the Password Services task.
  3. On the Profile tab, ensure the following settings:
    • User Synchronization: On task completion
    • Account Synchronization: On every event

    Figure 1

    Figure 2

  4. Save and try again.


Corporate / Provisioning directories (if the same) configuration:

  1. Make sure a valid user is set as the Corporate User in the Identity Manager Environments: Provisioning: Advanced Settings: Provisioning section.
  2. Modify your directory.xml to include the eTSelfAdminPermitted attribute. In the Global User section, add the following line:
    <ImsManagedObjectAttr physicalname="eTSelfAdminPermitted" description="Self Admin Permitted" displayname="Self Admin permitted" valuetype="String" maxlength="1"/>
  3. Import the new directory.xml file.
  4. Edit relevant screens in order to include the attribute. The attribute type should be a string and the default value should be '1'.

NOTE: This procedure will not fix existing user records with password mismatches. These need to be fixed by setting the value of the attribute using a batch file.
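
A pre-import check for step 2 of the directory configuration, as an added example that is not CA's code: it parses directory.xml and reports whether the eTSelfAdminPermitted definition is present exactly once with the valuetype and maxlength shown above. The function names, the constructed sample XML and the nesting of ImsManagedObjectAttr directly under ImsManagedObject are assumptions of this example.

```python
import sys
import xml.etree.ElementTree as ET

NAME = "eTSelfAdminPermitted"
# Field values taken from the line given in step 2 above.
EXPECTED = {"valuetype": "String", "maxlength": "1"}

# Constructed sample with a deliberate maxlength mistake. The element nesting
# is an assumption about the directory.xml layout, not copied from a real file.
SAMPLE = """<ImsDirectory>
  <ImsManagedObject name="User">
    <ImsManagedObjectAttr physicalname="eTSelfAdminPermitted" valuetype="String" maxlength="10"/>
  </ImsManagedObject>
</ImsDirectory>"""


def local(tag):
    """Reduce a namespaced tag such as '{uri}Name' to 'Name'."""
    return tag.rsplit("}", 1)[-1]


def check_directory_xml(xml_data):
    """Return a list of problems; an empty list means the definition looks right."""
    try:
        root = ET.fromstring(xml_data)  # accepts str or bytes
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    hits = []
    for obj in root.iter():
        if local(obj.tag) != "ImsManagedObject":
            continue
        for attr in obj:
            if local(attr.tag) == "ImsManagedObjectAttr" and attr.get("physicalname") == NAME:
                hits.append((obj.get("name", "?"), attr))
    if not hits:
        return [f"{NAME} is not defined in any ImsManagedObject"]
    problems = []
    if len(hits) > 1:
        problems.append("defined more than once: " + ", ".join(n for n, _ in hits))
    for name, attr in hits:
        for key, want in EXPECTED.items():
            if attr.get(key) != want:
                problems.append(f"{name}: {key}={attr.get(key)!r}, expected {want!r}")
    return problems


if __name__ == "__main__":
    # Pass the path to directory.xml; with no argument the constructed sample is checked.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(check_directory_xml(data)) or "OK")
```

The check also lists the name of each managed object that carries the definition, so you can confirm it landed in the Global User section before importing.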