Using Fine Grain Password Policies (FGPP) in Access Manager 1.3


As of Access Manager 1.3 Active Directory connectors are now able to detect and use Fine Grain Password Policies that you have configured within your domain.

FGPP can be created within the domain and assigned to specific users and groups allowing for users in different parts of the domain to use different password rules, for example you can have a stricter policy for your administrator users compared to the default policy that other employees use.


Download and Configuration

To configure FGPP see the articles below for the different Windows Server configurations.

Windows Server 2008

Windows Server 2012


In Access Manager you can view the password policy that a user obeys in the Identities page.

Select the User and in the details section below the user list you can see a new tab named Password Characteristics, selecting this will display the password policy that the user obeys, and where this is coming from.

In the case here the password policy is being detected from the domain default policy, if we look at a user that is in a group with a different policy however.

We can see that the policy is different, and that it is specific to this user.


In order for Access Manager to provide full FGPP functionality the Service Account in the directory configuration will require the permissions that allow the user to access FGPP, the simplest way to provide this is to ensure the Service Account user is a member of the Domain Admins group in Active Directory.

Have more questions? Submit a request


Powered by Zendesk