2026-05-20 New feature: clear and set passwords

From now on, passwords for disabled accounts will be cleared and we will set them up again when the account is reactivated.

This new feature consists of two steps:

To understand this behaviour, it is necessary to bear in mind several concepts within Soffid:

The password is updated in Soffid within the user’s password domain, and the password domain is responsible for replicating the new password across all of the user’s accounts belonging to the same password domain.
The password is cleared only for the account, not for the user's password domain.
The cleared or set up password synchronisation to the end system depends on Soffid’s. synchronisation engine and the agent’s configuration; the engine should be set up to automatic, the agent sep up to write mode and enabled, and there should be no preUpdatePassword trigger to block the change.
When the account is reactivated, the password can be set up again because it exists in the password domain.

The following components must be installed:

From these versions onwards, this new feature will run automatically..

Let’s look at an example with anthe agent app-demo connected to a small database.

We have athe user david_wilson with accounts on several ~~systems.~~systems, one of them app-demo.

First, we set the password to Dummy01.

We confirm that itthe password has been updated directly on the end system (the database).

Now we disable the account and confirm that it has been cleared

Finally, we reactivate it and confirm that it has been reset correctly