The IDM (Identity Management System) is an essential part of UCS. Thanks to the central administration of the data, it is ensured that the necessary data for the logins following different standards is available and unified.
One of the essential features of UCS is the option to set a password for the user. The user can then reset the password, e.g., when using the self-service.
When using an additional application such as RADIUS (WLAN connection), any user can use their domain password to log on to the WLAN.
For data protection reasons, it could happen that a user should not use the domain password for multiple applications, such as WLAN, at the same time. In such a case, the system needs different passwords for each application. Therefore, we have launched an extension for UCS that provides an alternative, service-specific password for RADIUS.
Suppose the two apps, RADIUS, and Self Service, are installed. In that case, you can activate the feature using the code lines below in the console of the Primary Directory Node. The Self-Service will display the “WLAN password” tile. Here users can instruct the system to generate a random password specifically for WiFi.
ucr set radius/use-service-specific-password=true
Consequently, users now have a separate service-specific password set for RADIUS via Self-Service. They can no longer log on to the WLAN with their domain password.
Should a user forget or lose their password, they can generate a new password at any time. The old password will be invalid. As UCS generates a random password for the users, it is impossible to repeatedly use the same RADIUS password or use the same password as used for the domain login. Thus it ensures that the additional password is only used for critical applications.
Last but not least, the unique password increases the security of the application and the entire system.
In the future, administrators will be able to use the generic design of the system to expand it for similar requirements in different scenarios.