How to configure SMA 1000 for Active Directory user password changes?

Description

It is a common practice to set initial user passwords and then require the user to set a new password when they initially log in. 

The SMA can be configured to notify users when their password is expiring and allow users to change their passwords.   

Under System Configuration > Authentication Servers > Edit (on an active Directory Server) > Advanced scroll down to Password Management: 

Image

"Allow user to change password when notified" should be enabled.  

If "Allow user to change password when notified" is not enabled and the user is required to change the password on their initial login they will be prevented from logging in. 

 

 

Cause

With "Allow user to change password when notified"  disabled a user with a valid password that expires in the future, would initiate a password change themselves while logged in. Disabling this option might be used by administrators to identify users who do not change their passwords promptly when required. It prevents a user with an expired password to change their password. 

A user required to change their password on next login are blocked from accessing the system with this setting disabled. 

Resolution

"Allow user to change password when notified" should be enabled uunless the administrator intends to prevent users with expired passwords from setting a new password.  

Related Articles

  • SMA100 End of Support No-Charge Replacement FAQ
    Read More
  • SMA1000: Post upgrade to 12.5.0 on AWS and Azure, we show the error Could not retrieve the DNS settings once we log in to AMC/CMS console
    Read More
  • Firmware version required to upgrade to version 12.5.0.
    Read More

Categories

Secure Mobile Access
SMA 1000 Series
Authentication
Secure Mobile Access
SMA 1000 Series
Configuration
Secure Mobile Access
SMA 1000 Series
User Access
not finding your answers?
Ask the Community