IDM 4.0.1
User App 4.0.1
My client's requirement:

My client wants a kind of second level authentication for their
external users.

E.g.: When a new or already existing user has been assigned a group
entitlement (e.g. the "Finance" group entitlement), then:
1) We need to change those users' password expiration from 90 to 45
days.
2) Prior to those users' passwords expiring (let's say 5 days before the
password expires), we need to send an email notification to those users
with the User Application URL (the User Application URL is a page with a
text area and a submit button)
and some auto-generated security code or random number. The users
will click the link, enter the security code, and when they click submit it
must validate the security code against eDirectory, and if it matches then
the password expiration date for that user should get extended by
another 45 days.

Is this doable?
If it is doable, how can I achieve this scenario?


What I have in mind is:
A Null driver to verify the "Finance" group entitlement.
When the "Finance" group entitlement is assigned to a user, the Null driver
will send the email notification with the User Application URL and a randomly
generated number (this random number will be stored in an attribute,
"SecCode").
The User Application URL will point to a custom-created page which has a
text area to enter the "security code", which will be sent via the email
notification.
Once submitted, it matches the security code against the user's
attribute (SecCode) value. If it succeeds, then it triggers the Null driver to
extend the user's password expiration date by another 45 days.



Let me know if there is any better way to handle this scenario.


--
lvaradha
------------------------------------------------------------------------
lvaradha's Profile: https://forums.netiq.com/member.php?userid=226
View this thread: https://forums.netiq.com/showthread.php?t=2949
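
The code lifecycle described in the post (issue, store in "SecCode", validate, extend by 45 days), as an added Python sketch that is not part of the original post and not NetIQ code. Assumptions: a plain dict stands in for the user's eDirectory object, the `password_expiration` and `attempts` keys, the 8-digit code length, the attempt limit, and counting the 45 days from the moment of submission are all hypothetical choices.

```python
import hmac
import secrets
from datetime import datetime, timedelta, timezone

EXTENSION = timedelta(days=45)     # interval from the post
NOTIFY_BEFORE = timedelta(days=5)  # notification lead time from the post
MAX_ATTEMPTS = 5                   # assumption: the post sets no guess limit


def needs_notification(user, now):
    """True when expiry is within the window and no code is pending."""
    remaining = user["password_expiration"] - now
    in_window = timedelta(0) <= remaining <= NOTIFY_BEFORE
    return in_window and not user.get("SecCode")


def issue_code(user):
    """Draw the code from the OS CSPRNG and store it in SecCode."""
    code = f"{secrets.randbelow(10**8):08d}"
    user["SecCode"] = code
    user["attempts"] = 0
    return code  # value to place in the notification email


def submit_code(user, submitted, now):
    """Validate a submitted code; on success clear it and extend expiry."""
    stored = user.get("SecCode")
    if not stored or now > user["password_expiration"]:
        return False  # nothing pending, or the password already expired
    user["attempts"] += 1
    if user["attempts"] > MAX_ATTEMPTS:
        user["SecCode"] = None  # too many guesses: invalidate the code
        return False
    # Constant-time comparison avoids leaking how many digits matched.
    if not hmac.compare_digest(stored.encode(), submitted.strip().encode()):
        return False
    user["SecCode"] = None  # single use: a replayed code is rejected
    user["password_expiration"] = now + EXTENSION  # assumption: from now
    return True


if __name__ == "__main__":
    now = datetime(2024, 1, 10, tzinfo=timezone.utc)  # constructed sample
    user = {"password_expiration": now + timedelta(days=4), "SecCode": None}
    if needs_notification(user, now):
        code = issue_code(user)
        print("accepted:", submit_code(user, code, now))
        print("replay accepted:", submit_code(user, code, now))
```

Because anyone who can read the mailbox can extend the expiration, the code proves control of the email account and does not replace authentication to the User Application.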