You can create a new password policy in IDM and configure it to not use the last n passwords. Now assign the policy to the AD resource under the resource configuration section.
Will that policy work together with AD?
i.e. if a user changes a password in AD
then changes it in IdM for the same account and tries to use same password, will IdM know?
You are correct. This will not work if the password is changed in AD. If the password policy is set in AD to not take n passwords, then it will give an exception in IDM when you try to give the same password again.
Another alternative is to check the exception that is coming and check if it is for password in history, then you can ask the user to set the password again.