Password Change

The following parameters determine the platform settings for changing passwords.

These parameters are not relevant in a platform that is linked to a group member.

Parameter

Description

AllowManualChange

Whether or not a ‘Change Now’ process can be initiated manually.

Acceptable values: Whether or not a ‘Change Now’ process can be initiated manually.

Default value: -

PerformPeriodicChange

Whether or not accounts related to this platform will be changed periodically according to the Master Policy.

Acceptable values: Yes/No

Default value: -

PerformChangeTask

Whether or not the CPM will carry out password change processes.

Acceptable values: Yes/No

Default value: -

OneTimePassword

Whether passwords in accounts associated with this platform must be replaced after they have been retrieved by any user. In addition, this parameter is applied to accounts stored in an Exclusive Accounts Safe.
This parameter is only relevant in platforms applied to group members.

Acceptable values: Yes/No

Default value: -

HeadStartInterval

The number of days before the password expires (according to the Master Policy) that the CPM will initiate a password change process.

Acceptable values: Number: 0 to any integer number. It is not recommended to use -1 as this can cause errors.

Default value: 0

FromHour, ToHour

The time frame in hours during which the CPM can change passwords, either manually or automatically. This is useful, for instance, if the organization only wishes to change passwords during the night.
This parameter is not relevant if the platform will be applied to a member of an account group.

Acceptable values: 0-23 or -1 for none.

Default value: -

ChangeNotificationPeriod

The number of seconds before the CPM changes passwords that a notification will be issued in an Application Access Manager environment to enable synchronization between the Vault, the CPM, and the provider.

Acceptable values: Number or -1 for no notification.

Default value: -

ExecutionDays

The days of the week when the CPM will change passwords.
The days of the week are represented by the first 3 letters of their names. Sunday is represented by Sun, Monday by Mon, etc.

Acceptable values: Days of the week, separated by commas.

Default value: -

DaysNotifyPriorExpiration

The number of days before a password is changed that a notification will be sent to recipients, a re-notification interval that determines the number of days between notifications for the same password expiration (optional) and a re-notification period that determines the period of time during which these notifications will be sent (optional). Separate these values by commas.

Acceptable values: <days before expiration>, <re-notify interval>, <re-notify period>

Default value: -

EnforcePasswordPolicyOnManualChange

Whether or not password policy rules will be enforced for manual password changes so that end-users will not be able to set non-compliant passwords.

Acceptable values: Yes/No

Default value: After installation: Yes After upgrade: No

EnforcePasswordVersionsHistory

Determines the number of previous password values that are stored in the Vault and cannot be specified when users change a password value manually.
Specify -1 to disable this feature.

Acceptable values: 1-50

Default value: 7