In the self service application, it is possible to configure either of the following when a password expires:
- Prevent the user from logging in
- Allow the user login, but encourage them to change the password immediately.
Prevent User from Logging in
This enable this option, we need to carry out the following steps:
- Log into the webconsole
- Bring up the password policy that will be used
- Set the PWD_EXP_GRACE value to 0. PWD_EXP_GRACE determines the grace period after a password has expired during which the user can still log in. By setting this value to 0, you are telling the system that there is no grace period. When a password expires, you will not be allow to login.
Allow login
This option allows the user log for 'X' days after a password has expired. To configure this, please follow the steps below:
- Log into the webconsole
- Bring up the password policy that will be used
- Set the PWD_EXP_GRACE value to be the number of days after password expiration during which a user can still login and change their password. PWD_EXP_GRACE determines the grace period after a password has expired during which the user can still log in. By setting this value to 0, you are telling the system that there is no grace period. When a password expires, you will not be allow to login.
- With this value set, selfservice application will direct you directly to the change password screen immediately after log in.
Labels: