@Fabrice I’m fairly certain that there is no settings for password change frequency or to block users from using the same password again. Only password complexity rules you can control are in https://docs.ifs.com/techdocs/23r2/030_administration/010_security/040_iam_settings/070_password_policies/#password_policies.
At what point a user gets locked I unfortunately can’t answer.
But long story short: IFS strongly recommends - and somewhat expects - that you use an external IDP (like Azure AD). From past conversations adding the functionalities you are asking for is not priority - due to that expectation.
What is the reason that the customers uses IFS IAM and not an External IDP?
Hi Jonas,
I told them they had to use an external IDP if they want to use advanced set up like double authentication. But it seems for the moment they don’t want to use this type of external solution.
So I can tell them that the first two points are not managed by IFS IAM.
For the last question I tested it manually and it seems the account is locked after 5 bad attempts.
Thank you,
Fabrice
Hi @Fabrice
- Is it possible to define a frequency at which users must change their password?
The possibility exists in the oracle profile which every ORACLE user is created upon. But this does no longer affect IFS Users in IFS Cloud. Except the ones in the database like ifsapp and others.
- Possibility to control that the new password is not the same than the previous ones when it’s changed
There was the possibility to make use of an oracle script or an own procedure to check the passwords upon creation including some specific features like the ones you mentioned.
There are further requests to enhance the existing password policies Jonas mentioned earlier.
But those are not in place right now. Not even sure if this is already posted somewhere.
- What is the default number of times the user can try to connect before the account is locked
There are no seetings regarding this by now as it is the same as #1. Normally in an oracle profile but not available in IFS Cloud.
There are possibilities behind IFS IAM which are not yet implemented or blocked off. The result is the current setup of the password policies.
Regards,
TT