Azure AD password not set

Hello,

In Azure AD synch project we try to  push the creation of Azure AD accounts. We have some persons in IAM with empty password (CentralPassword=null).

When the provisionning is launched for them, it fails with this error : The value of 'Password' on 'Azure Active Directory user account' did not match the password policy restrictions of 'One Identity Manager password policy'.

We effectively set up some password policies to prevent provisionning with null or empty password in different target systems.

But in the case of Azure AD, we would like to bypass this by setting a default password for Azure AD Account if   (CentralPassword=null).

I have set up this the AADUser Table , "Password" colomn where in 'Value calculation' , we did this: 

If String.IsNullOrEmpty($FK(UID_Person).CentralPassword$) Then
value = "Default_pass34$)"
End If

But it still fails with the same error : The value of 'Password' on 'Azure Active Directory user account' did not match the password policy restrictions of 'One Identity Manager password policy'.

I can't see what is missing..

How could we force to set up default password in this case ?

Thnx

Parents
  • Hello Markus,

    Thank you

    Version used is 8.1.1

    Yes we have a password policy for Azure Ad in OiM. When i test the password Default_pass34$ it passes..

    I have deactivated the password policy for OIM and for Central Password..

     

    Now it fails at the provisionning : 

     

    1777124] Error executing projection step (User) of projection configuration (Provisioning (Provisioning)).
    [1777219] Error executing synchronization step (User)!
    [1777004] Method (Insert (Insert)) could not be executed successfully.
    [System.Exception] [Exception]: ServiceException occured
    Code: Request_BadRequest
    Message: A password must be specified to create a new user.
    [ServiceException]: Code: Request_BadRequest - Message: A password must be specified to create a new user.

    Even I have set up this the AADUser Table , "Password" coloumn where in 'Value calculation' : 

    If String.IsNullOrEmpty($FK(UID_Person).CentralPassword$) Then
    value = "Default_pass34$)"
    End If

    The Account is created in table AADUser but the field Password is null.

    Other field take the value calculation into account but not the Password field, why?

    It is the ad-hoc projection workflow.

     

    Thnx

  • Since 8.1.1, the password flow (or initial password generation) will not be controlled by the value template on the Password property but via the OnSaving script as hinted in the value template.

    In the OnSaving script on the table AADUser, you will find the following section that would set the initial password.

    Now, in the called script TSG_GetPassword, there is an additional check against the CentralPassword, and if this null or empty, then it will either generate a random password (if the configuration parameter TargetSystem\AzureAD\Accounts\InitialRandomPassword is set) or it will use the DefaultInitialPassword from the password policy used.

    So the solution for your case is just to set the initial password at the password policy.

  • Thnx

    I have done exactly as you suggested but i still get this error:

    1777124] Error executing projection step (User) of projection configuration (Provisioning (Provisioning)).
    [1777219] Error executing synchronization step (User)!
    [1777004] Method (Insert (Insert)) could not be executed successfully.
    [System.Exception] [Exception]: ServiceException occured
    Code: Request_BadRequest
    Message: A password must be specified to create a new user.
    [ServiceException]: Code: Request_BadRequest - Message: A password must be specified to create a new user.

  • I am out of ideas. If this is still an issue, please contact support.

  • Thank you, i solved it by adding an assignment.

    Best regards.

  • Hello M.IAM

    We are facing the same issue, can you kindly elaborate what you meant by "adding an assignment"?

    Thanks

    Kin

Reply Children