ISE - automatically force internal user to change password at next login

tommy182 — Sun, 27 Jun 2021 13:58:14 GMT

Hello Friends!

We trying to achieve a workflow for auto password expiration for internal users.

The main goal is to set period(30 days for example) after which user account would be forced to change password during next login.

We have no option to redirect users to any portals on ISE(we use internal users for SSLVPN Auth on VPNGW)

There is even special option exist in every account Change password on next login (also in available in API)

This option works great for us(user change password when login over sslvpn), but looks like there is no way to set this option automatically instead of complete account block

Looks strange but current option is to only completely block account after timer expiration.

It is also strange because of topic name in ISE configuration called Password Lifetime, but in reality it is Account lifetime.

In Admin guides for newer versions(2.7\3.0) nothing new about it.

Maybe I was missing something?

Why so convenient and necessary feature still not available in ISE (especially if it is even available with API)?

Regards,

Artem

Re: ISE - automatically force internal user to change password at next login

hslai — Mon, 05 Jul 2021 03:09:27 GMT

No, you were not missing anything. This is a known limitation in ISE.

Re: ISE - automatically force internal user to change password at next

ranjit123 — Wed, 25 Jan 2023 13:23:47 GMT

Hello All,

Any solution on this.. "ISE - automatically force internal user to change password at next login" or still its a know limitation...

topic Re: ISE - automatically force internal user to change password at next login in Network Access Control

ISE - automatically force internal user to change password at next login

Re: ISE - automatically force internal user to change password at next login

Re: ISE - automatically force internal user to change password at next