Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Need help in understanding PasswordExpired attribute of users table

Go to solution
grishma_kadam
New Contributor
New Contributor

‎10/07/2024 02:42 AM

I want to understand what exactly does passwordExpired attribute of users table do ?

I have gone through documentation and there it is mentioned that if set to  

  • '0' indicates that questions will not be asked.

  • '1' indicates that questions will be asked.  

By questions does this mean security questions if yes, then does it mean user will be asked to set questions and answers as well as reset the password when user logs in for the first time if passwordExpired=1?
And what happens if passwordExpired is set to 0?

Truly appreciate if somebody sheds more light on this and help me understand the functionality.

Labels:
0 Kudos
3 REPLIES 3

Go to solution
rushikeshvartak
All-Star
All-Star

‎10/07/2024 07:14 AM

The passwordExpired attribute in Saviynt's users table is used to manage the user password lifecycle and enforce specific actions based on the state of the password. It controls what happens when a user logs in, particularly around prompting for password reset or security questions.

Functionality of passwordExpired:

  • When passwordExpired = 1:

    • This indicates that the user's password has expired.
    • When the user logs in, they will be prompted to reset their password, and in some configurations, they might also be asked to answer security questions if these have been configured in the environment.
    • If security questions are enabled for password reset:
      • The user may be required to set up security questions and answers if they haven't already.
      • They might need to answer previously set security questions as part of the password reset process.
    • Typically, this is useful when the user logs in for the first time after an account is provisioned, or if the password expiration policy has been enforced.

  • When passwordExpired = 0:

    • This indicates that the user's password has not expired, so the user can log in normally without being asked to reset their password.
    • They will not be prompted to answer security questions (if this feature is enabled).
    • In this case, no password reset or security question prompt is triggered when the user logs in.

Behavior When passwordExpired = 1:

  1. Password Reset: The user will be required to reset their password upon login.
  2. Security Questions: If the environment is configured to enforce security questions for password reset, the user will be prompted to:
    • Set up their security questions and answers (if not already done).
    • Answer their existing security questions (if already set up) as part of the reset process.

Behavior When passwordExpired = 0:

  • The user can log in normally without being prompted to reset their password or answer security questions.

Use Cases:

  • Newly Provisioned Users: When a new user is provisioned in the system, their passwordExpired might be set to 1 so that they are forced to reset their password during their first login and optionally set up security questions.
  • Periodic Password Expiry: If your organization enforces a periodic password expiration policy (e.g., every 90 days), setting passwordExpired = 1 would ensure that users reset their password upon login after the expiration period.

Configuration Considerations:

  • The security question prompt only appears if the system has been configured to use security questions for password resets.
  • The exact behavior may depend on the password policy and security settings configured in Saviynt.

If security questions aren't enabled in your environment, setting passwordExpired = 1 would simply trigger a password reset prompt without any additional steps for security questions.

In summary, the passwordExpired attribute primarily controls whether a user is required to reset their password upon login, and if security questions are configured, it also manages whether those questions will be involved in the password reset process.


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Go to solution
grishma_kadam
New Contributor
New Contributor

‎10/07/2024 08:21 PM

Thanks for the well detailed information.

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to grishma_kadam

‎10/07/2024 08:24 PM

Please click the 'Accept As Solution' button on the reply (or replies) that best answers your original question and hit 'Kudos' button 👍.


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC