Symantec Access Management

Can anyone guide on What is the best way to handle monitor users

1.
The monitor users passwords shouldn’t expire ( which means not password policies should apply)
2.
The monitor users and regular user users reside in the same user stores
3.
All the password policies should implement on the regular users not on the monitor user (which monitors the applications availability)


One of the option that I aware of is, making use of two different users stores and have the password policies on regular users policy store and relax the password policies on the user store which has the monitor users

Thanks,
Matheen

Hi,

If you're relying on the password policy of your directory, this would depend on the product you're using.

SiteMinder password policies can be configured so that they only apply to part of a directory. As a result you can limit the scope of such a password policy to a directory branch or specified attribute values.

We're actively using this to apply dedicated password policies for specific branches + attribute values.

Hi Matheen,

You can alternatively create another password policy which will apply of part of user directory, and don't give any expiration or details to it, also in Advanced Tab give the priority to it as 1 and give the priority to other password policy which applies to complete directory as 10 or higher, this will make the password policy applying for complete directory to apply first and will not be applied top policy applying for part of user directory.

Evaluation priorities range from 0-999, where 999 is the highest.

Hope this helps.

Regards
Vikas