Hitachi ID Systems, Inc.

Transparent Password Synchronization Architecture

Transparent password synchronization, triggered by a native password change on a monitored system, works as follows:

  1. User: decides to change his password(s) or has been prompted to during the login process.

  2. User: enters his login ID, current password and desired value.

  3. Login server: validates password quality internally, then calls a Password Manager library to further validate password quality.

  4. Password Manager library: contacts the Password Manager server; establishes an encrypted connection; forwards a request for password policy validation.

  5. Password Manager server: validates password quality; returns result. In the event of an attempted policy violation, Password Manager may send a message directly to the user by e-mail or a Windows pop-up message; may create an incident management system ticket and so on.

  6. Login server: updates the user's password field internally and calls the Password Manager library to notify it of the successful change. Note that a failure to meet the Password Manager policy will normally block the initial password change from happening, so the native password is never changed to a value the central policy rejects.

  7. Password Manager library: contacts the Password Manager server; establishes an encrypted connection; forwards a request for password synchronization.

  8. Password Manager server: queues up the new password for synchronization.

  9. Password Manager server: resolves the single queued event to a list of passwords that must be set for this user (one per account).

  10. Password Manager server: administratively sets the user's passwords on each system to the new value.

  11. Password Manager server: in the event of failure, re-queues and retries; may send the user one or more e-mails to notify of the problem; may create a ticket on an incident management system to alert someone of a problem.
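The eleven steps above, modelled end to end in Python as an added example. This is not Hitachi ID's code: every class, method name, policy rule and target system here is a hypothetical stand-in for the components the text names, and the in-process calls stand in for the encrypted library-to-server connection. The scenario exercises the two points a reviewer of this architecture most wants to confirm: a policy rejection in step 5 blocks the native change in step 6 (the old password stays in force), and a target that fails in step 10 is re-queued and retried in step 11 while the targets that succeeded keep the new value.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class SyncEvent:
    """One queued synchronization request (step 8). Hypothetical type."""
    login_id: str
    new_password: str
    attempts: int = 0


class TargetSystem:
    """A managed system that receives the administrative password set (step 10).
    fail_first simulates transient failures so the retry path (step 11) runs."""

    def __init__(self, name: str, fail_first: int = 0):
        self.name = name
        self.passwords: Dict[str, str] = {}
        self.fail_first = fail_first

    def admin_set_password(self, account: str, password: str) -> None:
        if self.fail_first > 0:
            self.fail_first -= 1
            raise ConnectionError(f"{self.name}: temporarily unreachable")
        self.passwords[account] = password


class PasswordManagerServer:
    """Central server: policy check (step 5), queue (8), resolution to accounts (9),
    administrative sets (10), re-queue and notification on failure (11)."""

    def __init__(self, account_map: Dict[str, List[Tuple[str, str]]],
                 targets: Dict[str, TargetSystem], max_attempts: int = 3):
        self.account_map = account_map  # login_id -> [(target name, account name)]
        self.targets = targets
        self.max_attempts = max_attempts
        self.queue: List[SyncEvent] = []
        self.notifications: List[str] = []  # stands in for e-mails / tickets

    def validate_policy(self, login_id: str, password: str) -> Tuple[bool, str]:
        # Illustrative rules only; a real deployment uses the configured policy.
        if len(password) < 12:
            return False, "shorter than 12 characters"
        if login_id.lower() in password.lower():
            return False, "contains the login ID"
        if not (re.search(r"\d", password) and re.search(r"[A-Za-z]", password)):
            return False, "must mix letters and digits"
        return True, "ok"

    def enqueue_sync(self, login_id: str, new_password: str) -> None:
        self.queue.append(SyncEvent(login_id, new_password))

    def process_queue(self) -> None:
        pending, self.queue = self.queue, []
        for event in pending:
            event.attempts += 1
            failed = False
            for target_name, account in self.account_map.get(event.login_id, []):
                try:  # setting the same value twice on a retry is harmless
                    self.targets[target_name].admin_set_password(account, event.new_password)
                except ConnectionError as exc:
                    failed = True
                    self.notifications.append(f"{event.login_id}: {exc}")
            if failed and event.attempts < self.max_attempts:
                self.queue.append(event)  # retry on a later pass
            elif failed:
                self.notifications.append(f"ticket: sync for {event.login_id} abandoned")


class PasswordManagerLibrary:
    """Client library linked into the login server (steps 4 and 7)."""

    def __init__(self, server: PasswordManagerServer):
        self.server = server  # in-process call stands in for the encrypted connection

    def check_policy(self, login_id: str, password: str) -> Tuple[bool, str]:
        return self.server.validate_policy(login_id, password)

    def notify_change(self, login_id: str, password: str) -> None:
        self.server.enqueue_sync(login_id, password)


class LoginServer:
    """The monitored system receiving the native password change (steps 3 and 6)."""

    def __init__(self, library: PasswordManagerLibrary, users: Dict[str, str]):
        self.library = library
        self.users = dict(users)  # login_id -> current password (simulation only)

    def change_password(self, login_id: str, current: str, new: str) -> Tuple[bool, str]:
        if self.users.get(login_id) != current:
            return False, "authentication failed"
        if len(new) < 8:  # the server's own local quality rule (step 3)
            return False, "local policy: too short"
        ok, reason = self.library.check_policy(login_id, new)
        if not ok:  # central rejection blocks the native change (step 6 note)
            return False, f"Password Manager policy: {reason}"
        self.users[login_id] = new
        self.library.notify_change(login_id, new)
        return True, "changed"


def run_scenario() -> dict:
    """Constructed scenario: one user with accounts on two targets, one of which fails once."""
    ldap = TargetSystem("sun-ldap")
    zos = TargetSystem("z/OS", fail_first=1)
    server = PasswordManagerServer(
        account_map={"alice": [("sun-ldap", "alice"), ("z/OS", "ALICE01")]},
        targets={"sun-ldap": ldap, "z/OS": zos})
    login = LoginServer(PasswordManagerLibrary(server), {"alice": "OldPassw0rd!"})
    rejected = login.change_password("alice", "OldPassw0rd!", "alice2024xxyz")
    accepted = login.change_password("alice", "OldPassw0rd!", "Correct-Horse-42")
    server.process_queue()  # z/OS fails once, so the event is re-queued
    after_first = (ldap.passwords.get("alice"), zos.passwords.get("ALICE01"), len(server.queue))
    server.process_queue()  # retry succeeds
    after_second = (ldap.passwords.get("alice"), zos.passwords.get("ALICE01"), len(server.queue))
    return {"rejected": rejected, "accepted": accepted, "after_first": after_first,
            "after_second": after_second, "notifications": list(server.notifications)}


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

The simulation keeps passwords in plain dictionaries purely so the outcome can be inspected; the point it demonstrates is the ordering of checks and the queue semantics, not storage. Note that the login server's own rule (8 characters) is weaker than the central one (12 characters), which is the normal arrangement the text describes: the native check runs first, the central policy has the final say.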

Password synchronization triggers are provided with Password Manager for Windows server or Active Directory (32-bit, 64-bit), Sun LDAP, IBM LDAP, Oracle Internet Directory, Unix (various), z/OS and iSeries (AS/400).

This is implemented on the network with the following components:

[Figure 1: Transparent synchronization architecture diagram]