SecureAuth IdP Version affected: All
Description:
Example:
- Realm configuration is set to Enforce Password Change Requirements
- Active Directory Enforce password history is set to remember the user's last 3 passwords.
- The user performs multiple password resets and is able to reuse their most recent passwords #2 and #3.
Cause:
With Enforce Password Change Requirements enabled, the SecureAuth appliance makes a randomized password change in Active Directory BEFORE the user's actual password is reset. As a result, the password is changed twice for every password reset the user performs, and each reset takes up two entries in the Active Directory password history.
Resolution:
For this example, if the desired number of remembered passwords is 3, set Enforce password history in Active Directory to 6. This accounts for the 3 user password changes plus the 3 randomized password resets made by the appliance as part of the password reset process, for a total of 6.
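The following simulation is an added example, not SecureAuth or Microsoft code. It models the behavior described above to show why a history of 3 leaves passwords #2 and #3 reusable and why 6 is needed. Assumptions: the directory rejects any password matching one of the last N stored (current password included), and the appliance's randomized change is stored in that history; all names are hypothetical.

```python
import copy
import secrets
from collections import deque


class Account:
    """Toy model of an account with Enforce password history = history_len."""

    def __init__(self, history_len, initial):
        # Assumption: the last `history_len` passwords, current one included,
        # are remembered and cannot be set again.
        self.history = deque([initial], maxlen=history_len)

    def set_password(self, new):
        if new in self.history:
            return False  # rejected by the history check
        self.history.append(new)
        return True


def reset(account, new, randomized=True):
    """One password reset; with randomized=True a random password is set first,
    as the article describes for Enforce Password Change Requirements."""
    if randomized:
        account.set_password(secrets.token_urlsafe(16))
    return account.set_password(new)


def reusable_ranks(history_len, resets=8, randomized=True):
    """Return which earlier passwords can be set again after `resets` resets.
    Rank 1 is the current password, rank 2 the one before it, and so on."""
    account = Account(history_len, "pw-0")  # constructed sample passwords
    used = ["pw-0"]
    for i in range(1, resets + 1):
        reset(account, f"pw-{i}", randomized)
        used.append(f"pw-{i}")
    ranks = []
    for rank, old in enumerate(reversed(used), start=1):
        trial = copy.deepcopy(account)  # probe without changing the account
        if reset(trial, old, randomized):
            ranks.append(rank)
    return ranks


if __name__ == "__main__":
    print("history=3, appliance reset:", reusable_ranks(3)[:3])
    print("history=6, appliance reset:", reusable_ranks(6)[:3])
    print("history=3, direct change:  ", reusable_ranks(3, randomized=False)[:3])
```

In this model a history of 5 still leaves password #3 reusable, so the doubled value of 6 is the minimum that protects the last 3 user passwords.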