Forum Discussion

domenicbetters's avatar
4 months ago
Solved

Is it possible to set up a password rotation policy

So I was wondering.  Is it possible in LM to set up a policy that forces our users to reset their passwords every 90 days.  I don’t see any options to do so in LM and I wasn’t sure if anyone out there has done so through some clever scripting.  I set up something similar in ServiceNow where a scheduled script ran every day and forced a user reset if the password was over so many days old.  Thanks for your help

  • It should certainly be possible to do so, using the REST API through the SDK

    • You would programmatically make an authenticated GET Request against the /setting/admins/ endpoint (All encapsulated within the SDK) to get the list of the admins using the SDK’s get_admin_list method
    • Iterate through the list, using whatever logic you wish to determine which accounts would be set to force a password change (I don’t think we expose the age of the password; I suppose you could just do them all every 90 days)
    • Then Programmatically create a PATCH request through the sdk against the /settings/admins/{id} endpoint using the SDK’s patch_admin_by_id method to update the force_password_change field for the appropriate accounts.

    If you’d rather not use the SDK, the REST API swagger docs are here, but the process will be the same.

2 Replies

  • It should certainly be possible to do so, using the REST API through the SDK

    • You would programmatically make an authenticated GET Request against the /setting/admins/ endpoint (All encapsulated within the SDK) to get the list of the admins using the SDK’s get_admin_list method
    • Iterate through the list, using whatever logic you wish to determine which accounts would be set to force a password change (I don’t think we expose the age of the password; I suppose you could just do them all every 90 days)
    • Then Programmatically create a PATCH request through the sdk against the /settings/admins/{id} endpoint using the SDK’s patch_admin_by_id method to update the force_password_change field for the appropriate accounts.

    If you’d rather not use the SDK, the REST API swagger docs are here, but the process will be the same.

  • a scheduled script ran every day and forced a user reset if the password was over so many days old

    That’s what I’d do, but I haven’t done it yet. SSO ftw, say goodbye to managing user accounts.