Issue with ID Vault password reset authorities

A client with a single organisation certifier wants to have different password reset authorities for two different groups of users.

I had though we could set up two ID vaults, have different lists of password reset authorities for each ID vault, and use two policies to determine which vault the user was added to.

However, it’s not working that way. Setting a list of password reset authorities in the Tools\ID Vaults\Manage… section of one vault changes the list in the other vault too. The list seems to be related to organisaiton certifier, not ID vault.

Is this just not possible, is it a bug, or am I missing something?

Subject: Working as designed

That is working as designed. Password reset capabilities are issued to password reset authorities by organizations or organizational units, not by the ID vault.If you would like to further limit password reset capabilities, you can develop your own password reset application using our APIs. See the ResetUserPassword method.