Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Password Policy Rule - Scope: User

maurabagley
New Contributor
New Contributor

‎09/13/2023 01:36 PM - last edited on ‎09/13/2023 02:23 PM by Community Manager

  1. When was the SaviyntDefaultRule password policy added?  I have a 23.5 env that has it and one that doesn’t.
  2. Is this policy applied to every user in Saviynt, assuming you change the user’s password via Saviynt or does it have to be applied to the user first?  For instance, can some users not have a password policy and some have one?
  3. If we want to enforce a stricter password policy, can we create a new one?  If so, how do we use that one instead of SaviyntDefaultRule?  (I know we can edit the existing one.)
  4. How can we ensure that a user’s password has been changed after a new password policy is put in place?  I see that the user table has lastpasswordupdatedate but the policyrule table doesn’t have any update date.
  5. If we want a stricter password policy applied to the admin, systemadmin, and SaviyntSupportAgent accounts, do we have to coordinate that with Saviynt?  I assume so for the SaviyntSupportAgent accounts but I’m not sure what the implications are of changing the admin and systemadmin accounts.
0 Kudos
6 REPLIES 6

pruthvi_t
Saviynt Employee
Saviynt Employee

‎09/15/2023 11:40 AM

Hi @maurabagley ,

Greetings.

  • Saviynt's default password policy comes with the build with predefined settings. you can always edit it based on your requirements.
  • you can have only one USER scope password policy which would be applied to all the users.

Please take a look at the below screenshot and the documentation portal link, which describes the user scope password policy, application scope password policy and it has all the information on how they work. There are also sublinks in the left panel under this which gives you an insight into creating, updating and viewing the password policies and how they're assigned as well. 

Screenshot 2023-09-15 at 11.30.15 AM.png

documentation link : https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter02-Identity-Repository/Manag...

Thanks,


Regards,
Pruthvi
0 Kudos

rushikeshvartak
All-Star
All-Star

‎09/17/2023 07:25 PM

  1. When was the SaviyntDefaultRule password policy added?  I have a 23.5 env that has it and one that doesn’t.
    1. By default SaviyntDefaultRule password policy gets created, if its missing you can create manually.
  2. Is this policy applied to every user in Saviynt, assuming you change the user’s password via Saviynt or does it have to be applied to the user first?  For instance, can some users not have a password policy and some have one?
    1. Scope USER is always ONLY  one policy per instance
  3. If we want to enforce a stricter password policy, can we create a new one?  If so, how do we use that one instead of SaviyntDefaultRule?  (I know we can edit the existing one.)
    1. You can update existing SaviyntDefaultRule
  4. How can we ensure that a user’s password has been changed after a new password policy is put in place?  I see that the user table has lastpasswordupdatedate but the policyrule table doesn’t have any update date.
    1. You can expire all user's password by updating user's table passwordexpired column
  5. If we want a stricter password policy applied to the admin, systemadmin, and SaviyntSupportAgent accounts, do we have to coordinate that with Saviynt?  I assume so for the SaviyntSupportAgent accounts but I’m not sure what the implications are of changing the admin and systemadmin accounts.
    1.  In order to avoid implication, Keep saviynt support upto date about change using Support ticket

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

maurabagley
New Contributor
New Contributor

‎10/11/2023 09:35 AM

I need official word from Saviynt whether or not we can change the admin, systemadmin, SaiyntSupportAgent1/2/3 passwords on a regular basis to comply with company policies.  Does Saviynt need to be involved for any of the changes (e.g. SaviyntSupportAgent).  Also, does having an expiration date on these accounts impact any processes if the password expires (assuming the accounts are not used in Sav4Sav connectors or API calls).

0 Kudos

pruthvi_t
Saviynt Employee
Saviynt Employee

‎10/16/2023 11:02 AM

@maurabagley ,

How often are you going to change passwords for these accounts tom comply with your policies??

Also can you please elaborate on having the expiration date fro the users part.

Thanks,


Regards,
Pruthvi
0 Kudos

NancyT
New Contributor
New Contributor
In response to pruthvi_t

‎10/18/2023 11:29 AM

Hi Pruthvi_t,

Would an saviynt_api_admin id tied to the local auth sign on?

Are the saviyntsupportagent ids in the same classification as and the Admin or systemadmin ids?

By changing the password policy settings , except for the password expiration will that impact the admin, saviyntagent or the api ids? 

Thank you,

Nancy

0 Kudos

pruthvi_t
Saviynt Employee
Saviynt Employee

‎10/30/2023 10:13 AM

@NancyT ,

API service users will have their local auth if they're already being used. But it is suggested not to use API users with elevated permissions to be used through UI nor shared with users who doesn't need access to them.

Can you please elaborate on what are you referring regarding classification of saviyntsupportagent ids.

Thanks,


Regards,
Pruthvi
0 Kudos
Copyright © 2024 Khoros, LLC