Understanding Client Flags
A client may receive a flag if they contain a password which meets any of the following criteria:
- The Client Password Rotation Policy has been exceeded (a password has expired)
- One or more passwords need to be changed (a Passportal User account has been disabled which had access to that password)
- One or more passwords using the AD Sync do not match up with the data on the Domain Controller (and are set to Report Mismatched)
These flags appear to the right of any particular client account.
- A single flag indicates that one password requires attention
- If more than one password is flagged within that client, the number of passwords flagged will be indicated in a golden circle to the upper right of the flag.
- If you want to see what the flag(s) are indicating, hover your mouse over the flag:
- Password Touched indicates a password has been accessed by a Passportal User account which has been disabled
- Password Expired indicates a password has exceeded the Client Password Rotation Policy
- AD Change indicates an AD Sync mismatch
Clearing Flags without addressing the flag cause