NimbostratusWith the Firepass Active Directory users had the ability to change their passwords before they were expired. With the APM I am not seeing that option. Is there a way to allow for this to happen?
CirrusThis is implemented in version 11.5 that was just released earlier this year.
NimbostratusI am running version 11.5 but so far have not had luck finding out where that it at? Can you provide with the article or location of the feature?
NimbostratusHi there, this can be done by adding AD Query in your APM policy, When you add AD Query the very last option is what you want. I hope this helps.
NimbostratusPerfect. I found the option. Thanks for the quick reply.
NimbostratusI seemed to of tried the change_password checkbox and that doesn't seem to work. Am I supposed to make more changes elsewhere?
NimbostratusThe above method works, in a limited way, as far as I can see. Here is the kb: https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15676.html
What is required is that the user must first put in a correct AD username/password, THEN check the box. Process is: authenticate first> check box> new window> change password> authenticated to resources.
What if someone doesn't remember their password? Then your Sys Admin must give them a temporary password first!
Only issue I have found: It doesn't work with OTP users. They just get a constant loop to enter a new password.
CirrostratusIt's been a year, is there updated information. I have the same question RyanDM2 has, can we allow users to reset a forgotten password. Obviously there would have to be a process to identify the user wanting to change the password, email confirmation or something. Much more complicated but valuable.