Password policy check

Owned by Silvan Grüter
Last updated: 18. Jun 2021
1 min read

Introduction

For each target system there is an attached password policy. Upon a users login to any of the SSO attached applications, the password policy will be checked. It’s important to know that the policy of the users target system is applied and not the policy of the current target system.

Examples

Given two applications, one called Extranet with a low password policy and one called Tax with a complex password policy, the following policies are applied:

User

Logon to application

Policy applied

User

Logon to application

Policy applied

Extranet user

Extranet

Extranet Policy

Tax user

Extranet

Tax Policy

Extranet user

Tax

Extranet Policy

Tax user

Tax

Tax Policy

This makes especially sense, since the password policy of the target system that a users is about to login to can not be verified if he was previously logged into another application (SSO). So checking the currents application password policy does not make sense.

© ITSENSE AG. Alle Rechte vorbehalten. ITSENSE und CoreOne sind eingetragene Marken der ITSENSE AG.