Since passwords are typically hashed on each system in a non-reversible fashion, and since different systems use incompatible password hashes, password synchronization must be an active process that takes place whenever users change their passwords.
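The following added example (not Password Manager code) shows why a stored hash cannot simply be copied between systems, and why synchronization has to happen at change time while the plaintext is available. The `TargetSystem` class, the system names, the user and the PBKDF2 parameters are all constructed for illustration.

```python
import hashlib
import hmac
import os


class TargetSystem:
    """Constructed stand-in for a system that stores only salted password hashes."""

    def __init__(self, name, algorithm, iterations):
        self.name = name
        self.algorithm = algorithm      # PBKDF2 digest name, e.g. "sha256"
        self.iterations = iterations    # kept low so the demo runs fast
        self.store = {}                 # user id -> (salt, derived key)

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac(self.algorithm, password.encode(), salt, self.iterations)

    def set_password(self, user, password):
        salt = os.urandom(16)           # each system picks its own random salt
        self.store[user] = (salt, self._derive(password, salt))

    def verify(self, user, password):
        salt, key = self.store[user]
        return hmac.compare_digest(self._derive(password, salt), key)


def copy_stored_hash(src, dst, user):
    """Passive approach: copy the stored record; the plaintext is never seen."""
    dst.store[user] = src.store[user]


def synchronize(systems, user, new_password):
    """Active approach: at change time each system hashes the plaintext itself."""
    for system in systems:
        system.set_password(user, new_password)


def demo():
    a = TargetSystem("directory", "sha256", 10_000)
    b = TargetSystem("unix-host", "sha512", 5_000)
    synchronize([a, b], "alice", "old-Passw0rd")

    a.set_password("alice", "new-Passw0rd")          # change made on system A only
    copy_stored_hash(a, b, "alice")
    passive_ok = b.verify("alice", "new-Passw0rd")   # B cannot use A's hash

    synchronize([a, b], "alice", "new-Passw0rd")
    active_ok = all(s.verify("alice", "new-Passw0rd") for s in (a, b))
    return passive_ok, active_ok


if __name__ == "__main__":
    print(demo())
```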
There are really just two ways to synchronize passwords. Password Manager supports both of the possible mechanisms for password synchronization:
Password Manager can be configured to intercept native password changes on certain systems and:
Systems that can trigger password synchronization are Active Directory, Windows servers, OID, Linux and Unix (various), iSeries and z/OS (optional component).
Users authenticate to the Password Manager web portal, using any browser, by keying in their NOS or directory ID and password. They can then set a single password on one or more of their own IDs on one or more systems.
Password Manager must be configured with a SQL-based relational database. The Password Manager replicating data service can be configured to use the following SQL database engines as its physical data store:
Password Manager maintains an identity cache in the database, which contains data about users, identity attributes and group memberships drawn from target systems every few hours. This cache significantly improves the run-time performance of Password Manager, as it eliminates the need to repeatedly connect to target systems or to an external directory to look up the same identity attributes again and again during the course of a workflow request or interactive user session.
The identity cache built into Password Manager: