Version Warning

The content below is for Apache Syncope <= 1.2 - for later versions the Reference Guide is available.

Introduction

This wiki page aims to show how to manage password, account and synchronization policies.

Password Policies

A password policy is a set of rules designed to force users to employ strong passwords and use them properly.

Create new password policy

  1. Click on Configuration tab.
  2. Click on Password Policies subtab.
  3. Click on Create button.
  4. Click on Policy Description tab and provide information.
    • Type
      Password Policy for a simple policy.
      Password Global Policy for a global policy.
    • Description
      Brief description
  5. Click on Policy Specification tab and configure your policy.
    • History length: User password history values cannot be used to specify a new password.
    • Maximum size: minimum password size.
    • Minimum size: maximum password size.
    • Substrings not permitted: sub-strings not permitted.
    • Mustn't contain value of the following attributes: password cannot be equal to the specified attribute values.
    • Non alphanumeric character required: a non alphanumeric character is required.
    • Alphanumeric character required: a alphanumeric character is required.
    • Must contain one or more digits: a digit character is required.
    • Lowercase required: a lower case is required.
    • Uppercase required: an upper case is required.
    • Must start with digit: password must start with a digit.
    • Mustn't start with digit: password mustn't start with a digit.
    • Must end with digit: password must end with a digit.
    • Mustn't end with digit: password mustn't end with a digit.
    • Must start with non alphanumeric character: password must start with a non alphanumeric character.
    • Must start with alphanumeric character: password must start with an alphanumeric character.
    • Mustn't start with non alphanumeric character: password mustn't start with a non alphanumeric character.
    • Mustn't start with alphanumeric character: password mustn't start with an alphanumeric character.
    • Must end with non alphanumeric character: password must end with a non alphanumeric character.
    • Must end with alphanumeric character: password must end with an alphanumeric character.
    • Mustn't end with non alphanumeric character: password mustn't end with a non alphanumeric character.
    • Mustn't end with alphanumeric character: password mustn't end with an alphanumeric character.
    • Pefixes not permitted: password prefixes not permitted.
    • Suffixes not permitted: password suffixes not permitted.
  6. Click on Save button.

Edit password policy

  1. Click on Configuration tab.
  2. Click on Password Policies subtab.
  3. Click on Edit link and perform changes.
  4. Click on Save button.

Delete password policy

  1. Click on Configuration tab.
  2. Click on Password Policies subtab.
  3. Click on Delete link.
  4. Confirm operation.

Account Policies

An account policy specify the username attribute syntax, the maximum number of subsequent failed logins permitted before to lock the account and whether propagate user suspension.

Create new account policy

  1. Click on Configuration tab.
  2. Click on Account Policies subtab.
  3. Click on Create button.
  4. Click on Policy Description tab and provide information.
    • Type
      Account Policy for a simple policy.
      Account Global Policy for a global policy.
    • Description
      Brief description
  5. Click on Policy Specification tab and configure your policy.
    • Maximum size: maximum username length.
    • Minimum size: minimum username length.
    • Substrings not permitted: sub-strings not permitted.
    • Mustn't contain value of the following attributes: username cannot be equal to the specified attribute values.
    • Pefixes not permitted: username prefixes not permitted.
    • Suffixes not permitted: username suffixes not permitted.
    • All upper case: username must be all upper case.
    • All lower case: username must be all lower case.
    • Propagate suspension: check it to propagate user suspension.
    • Maximum number of subsequent failed logins: maximum number of subsequent failed logins permitted before to lock the account.
  6. Click on Save button.

Edit account policy

  1. Click on Configuration tab.
  2. Click on Account Policies subtab.
  3. Click on Edit link and perform changes.
  4. Click on Save button.

Delete account policy

  1. Click on Configuration tab.
  2. Click on Account Policies subtab.
  3. Click on Delete link.
  4. Confirm operation.

Synchronization Policies

A synchronization policy specify alternative attributes to be used to search locally for users to be synchronized and to specify the conflict resolution policy.

Create new synchronization policy

  1. Click on Configuration tab.
  2. Click on Synchronization Policies subtab.
  3. Click on Create button.
  4. Click on Policy Description tab and provide information.
    • Type
      Synchronization Policy for a simple policy.
      Synchronization Global Policy for a global policy.
    • Description
      Brief description
  5. Click on Policy Specification tab. and configure your policy.
    • Alternative attributes for local search: attributes to be used to search locally for users to be synchronized.
    • Conflict resolution action: resolution policy in case of multi match.
      FIRSTMATCH (synchronize only the first matched user).
      LASTMATCH (synchronize only the last matched user).
      IGNORE (do not synchronize matched users).
      ALL (synchronize all the matched users).
  6. Click on Save button.

Edit synchronization policy

  1. Click on Configuration tab.
  2. Click on Synchronization Policies subtab.
  3. Click on Edit link and perform changes.
  4. Click on Save button.

Delete synchronization policy

  1. Click on Configuration tab.
  2. Click on Synchronization Policies subtab.
  3. Click on Delete link.
  4. Confirm operation.

Questions? Just send an e-mail to user@syncope.apache.org