We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Appropriate regex and clarity for regex a requirement for service account

Manpreet_Kaur
New Contributor II
New Contributor II

Hi Experts ,

I am facing this issue with the regex .

So a normal account password can be reset using only the front end check in the password policy and regex is not required in this case .

Alternatively , when service account passwords are being reset they are asking for regex as a requirement

Why is it so ? Why is it developed in such a way that it works without regex for normal account but for service account it requires regex.

Also, if the regex is a requirement can you help me generating the appropriate regex so that the generated password may sync with the AD password policy.

The AD policy is as below:

Not contain the user's account name or parts of the user's full name that exceeds two consecutive characters

Contain characters from three of the following four categories -:

English uppercase characters( A through Z)

English lowercase characters (a through z)

Base 10 digits(0 through 9)

Non-alphabetic characters

Complexity requirements are enforced when passwords are changed or created.

I was using the regex given by one of the Saviynt experts, regex as below:

^(?=.{16,16}$)(?:([\w~!@#$%^&?])(?!\1))+$

The parameters that are used along with the regex are as below:


Maximum Repeated Characters-2
Disallow Last Password-5
Maximum Length-16
Expire After (Days)-90
Minimum Length-16

However, at times the users are still  facing issues while checking out the credentials and we need to reset their Privilege ID passwords.

Thanks

Manpreet Kaur

 

2 REPLIES 2

NageshK
Saviynt Employee
Saviynt Employee

@Manpreet_Kaur Thanks for posting your question. Is this a continuation of the scenario discussed in this forum post?

https://forums.saviynt.com/t5/privileged-access-management/password-policy-max-repeated-characters/m...

 

Also, please note that there is a difference between "maximum consecute repeated characters" and "maximum repeated characters". Which option are you trying to implement?

Thanks

Nagesh K

Manpreet_Kaur
New Contributor II
New Contributor II

Hi Nagesh K,

Thanks for your revert.

The solution given in the link is working fine as of now.

https://forums.saviynt.com/t5/privileged-access-management/password-policy-max-repeated-characters/m...

However, at certain point of times the Service accounts password generated by vault for credential based used cases comes out to be incorrect when the user tries to login out of SaviyntEIC.

In such scenarios, we need to reset their passwords.

Right now, i am looking into scenarios wherein i can find any specific criteria where the generated password gets incorrect but could not find any criteria as of now.

Is this can be treated as an intermittent issue?

Thanks,

Manpreet Kaur