Externally managed passwords prevent password changes within 黑料海角91入口, both by users and admins. When users password authority is set externally, they will no longer receive password expiration notifications and password expirations won鈥檛 apply to them.
Use this setting when a user鈥檚 password is being managed by an upstream integration or when they鈥檙e authenticating with an external Identity Provider (IdP).
Prerequisites
- The appropriate integration, like Active Directory or an IdP, is configured in 黑料海角91入口 OR an upstream SCIM/provisioning integration is configured.
Considerations
- Once this user setting is enabled, users will not be able to change their own password from their 黑料海角91入口 device tray application, User Portal, or any other password reset flow. Additionally, admins won鈥檛 be able to set user passwords from the Admin Portal.
- The Externally Managed Password setting requires that an integration be selected for the password authority.
- If the user is associated to an Active Directory Integration, changes to the externally managed password may be overwritten on the next Active Directory Integration sync.
Setting the Password Authority for Users in the Admin Portal
To set the password authority for your users:
- Log in to the .
- Go to USER MANAGEMENT > Users.
- Click on the user you want to set the password authority for.
- Click on the Details tab, then open the dropdown for User Security Settings and Permissions.
- Under Externally Managed Password, select the Password Authority from the dropdown menu.
- Click save user. They won鈥檛 be able to change their password through 黑料海角91入口. If the Password Authority is integrated with 黑料海角91入口, the user will be able to change their password in the upstream application and the password will be allowed to synced to 黑料海角91入口.
- The user will see a message in their user portal under Security > Password, that says Your password is externally managed and can鈥檛 be updated in 黑料海角91入口.
- This change will be updated and made visible in a few different places in the admin portal:
- On the Users list page, under the Password Status column, the user鈥檚 password authority will be visible. It will say Password Externally Managed if their password authority is external.
- Once you click on a specific User and pull up their information page. Their password authority will also be listed directly under their profile > Security Status.
Default External Password Authority
You can restrict users from being able to change their passwords in 黑料海角91入口 by setting the password authority as an upstream integration, like Active Directory.
Note: This option will apply to all new users going forward. Any new users won鈥檛 be able to set or update their passwords in 黑料海角91入口.
To set the default external password authority from User Settings:
- Log in to the .
- Go to USER MANAGEMENT > Users.
- In the top right corner, click Settings.
- Under Default External Password Authority, click the Password Authority dropdown menu and select which password authority you鈥檇 like to use (Active Directory, Federated Identity Provider, or SCIM Integration).
- Click Save, then you鈥檒l be prompted to confirm your selection.
- Click Yes, Continue.
- You鈥檒l see the updated password authority on the Users list page under the Password Status column. If the user鈥檚 password is externally managed, it will say 鈥淢anaged by (name of password authority)鈥 under the Password Status column.
Once the Default Password Authority is set, all new users will have this setting applied on creation when no other value is provided.
- Users created via integration (Cloud Directory, SCIM, etc.) will always be created with the selected Password Authority.
- Users created via REST API will also always be created with the selected Password Authority unless a different (or is set to No) Password Authority is provided in the API call.
- Users created manually will have the Default Password Authority applied in the User Security Settings and Permissions section. This can be changed to a different (or is set to No) Password Authority.
Bulk Apply the External Password Authority
To bulk apply the default external password authority for users:
- From the Users list, select the checkboxes next to all of the users you鈥檇 like to apply the password authority setting to.
- In the top right corner, click the More Actions dropdown menu, then select Set External Password Authority.
- On the next page, click the Password Authority dropdown menu and select which password authority you鈥檇 like to use (Active Directory, Federated Identity Provider, or SCIM Integration).
- Click Save. This will apply to all users selected moving forward.
- You鈥檒l see the updated password authority on the Users list page under the Password Status column, and the Externally Managed Password column. If the user鈥檚 password is externally managed, it will say True (or False if not), and 鈥淢anaged by (name of password authority)鈥.