Idea ID: 2872497

Hide “Auto-created LDAP Password” tile in Enrollment Portal

Status: Delivered

AAF 6.3.6.1

Looking for a way to hide the “Auto-created LDAP Password” tile under authentication methods in the AAF enrollment portal (new UI). The way the customer’s environment is configured for password synchronize (using Netiq Identity Manager), users attempting to change their LDAP password within AAF will cause their network passwords to be out of sync. 

Having the ability to hide the “Auto-Created LDAP Password” tile, or being able to configure that tile to direct the user to their NetIQ Self-Service Password Reset (SSPR) instance would prevent a lot of confusion in their environment.

Tags:

Parents
  • Hi Michael

    Thank you for the submission.
    A few questions from my side to clarify.

    1. Would this functionality only be available in the NEUI (New Enrolment User Interface) or does it have a requirement to also be present in the old Self-enrolment portal?

    2. How should it affect the Helpdesk portal (if at all)? Should it be the same option or should it have different options (one for each portal)?

    3. Would the function similar to the "Allow overriding phone number" option be sufficient https://www.netiq.com/documentation/advanced-authentication-64/server-administrator-guide/data/sms_otp.html 

  • Hey Bruno, In my customer's case we are only using the NEUI, so allowing us to hid the LDAP password tile there would be sufficient. However, I'm sure there are others still using the old self-enrollement portal where this same functionality would be welcome.

    I'm not sure how best to handle this. Was merely thinking of a setting that would hide that LDAP password tile so it couldn't be selected or changed. I wasn't clear on how you would implement a solution similar to "Allow overriding phone number". Perhaps you can explain what you're thinking there. 

    Much appreciated!

Comment
  • Hey Bruno, In my customer's case we are only using the NEUI, so allowing us to hid the LDAP password tile there would be sufficient. However, I'm sure there are others still using the old self-enrollement portal where this same functionality would be welcome.

    I'm not sure how best to handle this. Was merely thinking of a setting that would hide that LDAP password tile so it couldn't be selected or changed. I wasn't clear on how you would implement a solution similar to "Allow overriding phone number". Perhaps you can explain what you're thinking there. 

    Much appreciated!

Children
No Data