Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2424
Views
0
Helpful
2
Replies

ISE - automatically force internal user to change password at next login

tommy182
Level 1
Level 1

‎06-27-2021 06:58 AM

Hello Friends!

 

We trying to achieve a workflow for auto password expiration for internal users.

The main goal is to set period(30 days for example) after which user account would be forced to change password during next login.

We have no option to redirect users to any portals on ISE(we use internal users for SSLVPN Auth on VPNGW)

There is even special option exist in every account Change password on next login (also in available in API)

This option works great for us(user change password when login over sslvpn), but looks like there is no way to set this option automatically instead of complete account block

 

Looks strange but current option is to only completely block account after timer expiration.

It is also strange because of topic name in ISE configuration called Password Lifetime, but in reality it is Account lifetime.

 

In Admin guides for newer versions(2.7\3.0) nothing new about it.

Maybe I was missing something?

Why so convenient and necessary feature still not available in ISE (especially if it is even available with API)?

 

 

 

Regards,

Artem

0 Helpful
2 Replies 2

hslai
Cisco Employee
Cisco Employee

‎07-04-2021 08:09 PM

No, you were not missing anything. This is a known limitation in ISE.

0 Helpful

ranjit123
Level 3
Level 3
In response to hslai

‎01-25-2023 05:23 AM

Hello All,

Any solution on this.. "ISE - automatically force internal user to change password at next login" or still its a know limitation...

0 Helpful
Customers Also Viewed These Support Documents