How to configure SMA 1000 for Active Directory user password changes?

03/26/2020 8 People found this article helpful 92,614 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

It is a common practice to set initial user passwords and then require the user to set a new password when they initially log in. 

The SMA can be configured to notify users when their password is expiring and allow users to change their passwords.   

Under System Configuration > Authentication Servers > Edit (on an active Directory Server) > Advanced scroll down to Password Management: 

"Allow user to change password when notified" should be enabled.  

If "Allow user to change password when notified" is not enabled and the user is required to change the password on their initial login they will be prevented from logging in. 

Cause

With "Allow user to change password when notified"  disabled a user with a valid password that expires in the future, would initiate a password change themselves while logged in. Disabling this option might be used by administrators to identify users who do not change their passwords promptly when required. It prevents a user with an expired password to change their password. 

A user required to change their password on next login are blocked from accessing the system with this setting disabled. 

Resolution

"Allow user to change password when notified" should be enabled uunless the administrator intends to prevent users with expired passwords from setting a new password.  

Related Articles

• Configuring Device Management based on Device ID for SMA 100
• CT with Device Guard is stuck on Identifying when GVC Client is installed
• SMA1000: CT compatibility with 3rd party VPN clients like GVC, Citrix and Fortinet

Categories

• Secure Mobile Access > SMA 1000 Series > Authentication
• Secure Mobile Access > SMA 1000 Series > Configuration
• Secure Mobile Access > SMA 1000 Series > User Access