
UAC Local user password management

mcourtney_
Not applicable

All,

 

I'm setting up an IC-4500 with the RADIUS plug-in as a AAA solution on a network. Currently, I have some rules in place that map users to certain roles which return RADIUS attributes that set the user on an MX - all good stuff.

 

The last thing that I'm working on is a way to elegantly have users manage their own passwords. This IC will not connect to a backend authentication server; all of the accounts will be local on the box. Is there a way to create a new sign-in URL that would present a way for a local user to change their username and password? I've tried working on this issue throughout the day and I haven't had any luck.

 

Worse comes to worse, I can have an admin log in and the user can be present while their password is updated - it just feels that there might be something that requires less admin intervention.

 

Any help on this would be greatly appreciated - thanks!

 

-Mike

11 REPLIES 11
kalagesan_
Super Contributor

Re: UAC Local user password management

Hi Mike,

 

Password Management for system local auth server is supported in IC-4500.

 

You can enable Password Management by accessing the System Local Auth server Settings where you can enable or disable this option.

 

You can also enforce a password change for the end user after X days, and also prompt the user for a password change X days before their current password expires.

 

Hope this answers your query.

 

NOTE:
Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

Regards,
Kannan

kalagesan_
Super Contributor

Re: UAC Local user password management

Additional information:

 

When password management is enabled on the local authentication server, if Password Management is not enabled at the realm level, users will be required to change the password as per the Auth server configuration, but will not be prompted for a change due to the Realm configuration.

 

So, users will not be prompted for the password change and the account will be locked out.

Enable password management on both the System Local Authentication Server page, as well as the corresponding Realm > Authentication Policy > Password page.

 

Regards,

Kannan

boston1630_
New Contributor

Re: UAC Local user password management

Hi Kannan,

 

Thanks for the great information! Does that mean that a user logs into the VPN via a URL and they have access to changing their password settings? Currently I'm receiving an error saying the user is not allowed to access the URL. This is the part that I'm currently hung up on.

 

Thanks!

 

-Mike

 

kalagesan_
Super Contributor

Re: UAC Local user password management

Hi Mike,

 

The IC-4500 is an access control device and not a VPN box. Are you using an SSL VPN SA box?

 

Password Management for local users is supported on the Juniper SA device as well. Once the user is authenticated and given access to the user access bookmark page, you have to click the preferences tab to see the password management option.

 

As per your statement, I understand that you are facing login issues; we may need to look into the logs to identify why the user authentication is rejected. The password management option comes in only after user authentication.

 

Hope this resolves your query.

 

Regards,

Kannan

boston1630_
New Contributor

Re: UAC Local user password management

Hi Kannan,

 

I opened a JTAC ticket on this issue. They informed me that what I'm trying to do requires a user license on the box. Currently, I have the default localhost license and the full RADIUS license. We should be receiving a test license in the upcoming week - hopefully that will provide the features that I'm looking for.

 

I will update this post with further questions after I install the user license.

 

Thanks for your help!

 

-Mike

kalagesan_
Super Contributor

Re: UAC Local user password management

Thanks for the update Mike, will wait for the same

Regards,

Kannan

boston1630_
New Contributor

Re: UAC Local user password management

Hi Kannan,

 

We received the user license and we now have advanced features on the box. Here are my new questions: is a user able to manually change their password without administrative intervention? Or, does the password management only prompt the user once their password has expired?

 

I'd like for a user to be able to change their password whenever they would like.

 

Thanks for your help!

 

-Mike

kalagesan_
Super Contributor

Re: UAC Local user password management

Hi Mike,

 

Thanks for your response.

 

I have to test this in my lab setup to confirm the info; I will test it and update you soon.

 

Regards,

Kannan

kalagesan_
Super Contributor

Re: UAC Local user password management

Hi Mike,

 

In the IC admin UI, under the password management section of the system local configuration, we have the below 3 options that can be enabled/disabled.

 

1. Allow users to change their passwords
2. Force password change after x days
3. Prompt users to change their password x days before current password expires

 

Your requirement is met here. Hope this resolves your query.

 

NOTE:
Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

Regards,
Kannan