You can create password policies at the container, OU, Group Policy, and user object levels. Policies set at the container or organizational unit level are inherited by all associated directory objects. Password policies set at the user object level override all higher-level policies. Password policies are linked to application definitions through scripting and are not applied to directory objects. To link a policy, create the password policy in the Password Policies pane, then edit the application script of the application definition and add the RestrictVariable command. For more information about linking a password policy, see Linking a Policy to an Application.
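The following application script is an added example, not taken from the product documentation. It shows RestrictVariable linking a policy to the variables that hold the application password. The policy name FinancePwdPolicy, the dialog titles, and the control IDs are assumptions for illustration.

```text
# Added example. FinancePwdPolicy is an assumed policy name that must already
# exist in the Password Policies pane. Dialog titles and control IDs are constructed.

# Login dialog: a value stored in $Password must satisfy the linked policy.
RestrictVariable $Password FinancePwdPolicy
Dialog
Class #32770
Title "Log on"
EndDialog
Type $Username #1001
Type $Password #1002
Click #1

# Change-password dialog: generate a new password that complies with the policy,
# enter it in both the new and confirm fields, then store it as the credential.
Dialog
Class #32770
Title "Change Password"
EndDialog
Type $Username #1015
Type $Password #1004
RestrictVariable ?NewPwd FinancePwdPolicy
ChangePassword ?NewPwd Random
Type ?NewPwd #1005
Type ?NewPwd #1006
Set $Password ?NewPwd
Click #1
```

Because the restriction is declared in the script, it applies only to this application definition and does not affect other applications used by the same directory object.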
Password policies consist of one or more password rules applicable to one or more single sign-on enabled applications and to specific directory objects. You can configure password policies in the Password Policy Properties tables of the Administrative Management utilities.
SecureLogin remembers the passwords and handles password changes when they expire on the back-end application (for example, after 30 days) or when users decide to change their password. The SecureLogin password management functionality includes the capability to set the password expiry duration and to generate passwords that comply with specified password policies.
Password policies are typically created to match existing password policies. You should consult application owners before changing an existing password policy.
To determine the requirements and parameters of a password policy and the applications it applies to, test complex policies on a test user account to ensure that they are viable.
You can create password policies through the application definition wizard while enabling an application for single sign-on. For more information about using the application definition wizard, see the NetIQ SecureLogin 9.0 Application Definition Wizard Administration Guide.
However, you cannot use the wizard to edit or delete password policies.