RSA Identity Governance & Lifecycle Access Fulfillment Express (AFX) reports this item failed: password does not meet complexity requirements when creating an AD account

3 years ago

Originally Published: 2017-01-18

Article Number

000040150

Applies To

RSA Product Set: Identity Governance & Lifecycle
RSA Product Set: Access Fulfillment Express (AFX)
RSA Version/Condition: All

Issue

Sometimes Active Directory (AD) account creation fails using AFX fulfillment. The following error is seen in the change request window:

[-1] and message: 'LDAPExecception: Server refused to perform operation. 
Password does not meet complexity requirements (e.g. too short)'. 
If available...

Cause

The generate password (${GeneratedPassword} ) variable is being used in the account template without a password policy. As a result, RSA Identity Governance and Lifecycle has no guidelines for generating a new password.

Resolution

Define a password policy in RSA Identity Governance and Lifecycle that aligns with the policy in the Business source in which the account is being created.

To do this:

Enable Password Management:
Select Admin > System > Edit. Set Password Management: On
Select Requests > Password Management > Password Policies.
Create your own password policy or modify one of the default policies. The purpose is to define a password policy the same as the business source and associate the policy with that business source.

For example, let's say your AD system requires a password that is a minimum of eight characters in length and at least one of those characters must be non-alphabetic. In this case, you may use the Basic Password Policy and associate it with the AD directory. For more complex password policies, either use the Secure Password Policy, or define a new policy by choosing New....

Don't see what you're looking for?

Related Articles

Trending Articles