Initial password
The extension calculates the content of the INITIALPASSWORD attribute on the account assignment if the attribute is present on the resource type, and only if it is a new account.
The password adheres to the password policy defined on the account resource or, if no policy is present on the account resource, to the policy defined on the system.
When the account has been provisioned (or when the provisioning status is set to OK), the initial password attribute value is removed from the assignment.
Event definitions and notifications
The e-mail notification that informs the user of their initial password is based on the new event concept for calculated assignments.
When the provisioning status for an account assignment is updated to OK and the password is present on the assignment, an e-mail notification is sent out that contains the randomized password that the user can use.
The following six event definitions are created for each resource type, each with its own e-mail action, such as an e-mail notification:
- Personal account notifications are sent to the manager.
- Initial password notifications for personal accounts are sent to the manager.
- Non-personal account notifications are sent to the identity.
- Passwords for non-personal accounts are sent to the identity.
- Technical account notifications are sent to the identity owner.
- Passwords for technical accounts are sent to the identity owner.
The event definitions, including their e-mail actions and e-mail templates, are created whenever a resource type is edited.
You can disable the list of events and notifications mentioned above by disabling the customer setting EnableAccountCreationNotification.
If a custom solution requires a more advanced notification scheme, the event definitions can be extended. For example, it could be a requirement for a personal account notification to be sent directly to the identity.