@Sam Dikeman
Let me elaborate a bit further on this.
These are two different features that CA SSO supports which are related to Password Expiry :
Feature 1. Password expiry if not changed after X days
Feature 2. Password expiry from Inactivity (login inactivity) after X days
Password expiry logic Feature 1
Password expires if :
- Current Time -Last Password Change Time > X
Password expiry logic Feature 2
Password expires if :
- Current Time - Last Login Time > X (AND)
- Current Time - Last Password Change Time > X
Basically, if the password was changed by Admin , then that time is also considered as login, though not explicitly recorded in the Last Login Time attribute.
So, now your question is about the Feature 1, for this CA SSO don't event look at the "Last Login Time" attribute which is populated on selecting the check box for "Track Successful logins"
Cheers,
Ujwol