Password policy management

The Password Policy tab in Site Administration enables you to manage the password polices of your site (for on-premises) or customer (for SaaS).

Permission

To access the Password Policy tab, you should have the following permissions:

On-premises: Site admins
SaaS: Site admins or customer admins, or have the User Management > Set User Authentication Policy permission.

Add a policy

Add a password policy and define a custom set of restrictions for the password policy. You can create a policy or copy from an existing policy.

To add a policy:

Open the Site Administration > Password Policy tab.
Click the add policy button .

Alternatively, you can copy from an existing policy:
1. From the All Policies list, hover over the policy to copy from.
2. Click Clone Policy .
Enter the policy name and click the check button .
Define the restrictions for the policy.

For details about restrictions, see Policy restrictions.

To rename or delete a policy:

From the All Policies list, hover over the policy to rename or delete.
Click Rename Policy or Delete Policy .

You cannot delete the default policy or any policy that have users associated with it.

Policy restrictions

The following table explains the restrictions you can apply to your password policies.

Restriction On	Details
Alphabetic characters	The following restriction controls whether a password must contain a minimum number of alphabetic characters.
Lower case letters	The following restriction controls whether a password must contain a minimum number of lower-case letters.
Upper case letters	The following restriction controls whether a password must contain a minimum number of upper-case letters.
Numeric characters	The following restriction controls whether a password must contain a minimum number of numeric characters.
Minimal length Maximal length	The following restriction controls whether a password must be no shorter and no longer than a specific length. Valid values: Enter an integer no less than 8 for the minimum length, and an integer bigger than 8 for the maximum length.
Unsuccessful login attempts	The following restriction controls whether a user is locked after consecutive failed logins, including: Allowed times of consecutive failed login attempts. Allowed time interval between failed login attempts. Before being unlocked automatically, how long a user is locked when the allowed limits are reached. The following restriction controls whether a user is permanently locked (unless being unlocked by admins) after a maximum number of consecutive failed logins within a specific time period. Valid values: Enter an integer between 1 and 8 (inclusive) for consecutive failed login attempts, and an integer no less than 24 for hours. Note: When you use both the restrictions at the same time, a user is locked when either of the restriction is reached.
Similarity to previous passwords	The following restriction controls whether a password can be identical to one of previous passwords. The passwords are compared in a case-insensitive manner. For example "abc" is considered identical to "ABC". (For SaaS only) The following restriction controls whether a password can contain a maximum number of consecutive characters that are used in the last password:
Resetting password	The following restriction controls whether users must reset their passwords regularly. Valid values: Enter an integer between 1 and 90 (inclusive) for the every <number> days field.
Frequency of changing password	The following restriction controls the allowed maximum times of changing passwords within a specific time period.
Similarity to login name	The following restriction controls whether a user's password can contain a maximum number of consecutive characters that are used in the user's login name. The following restriction controls whether a user's password can be part of the login name.
Similarity to full name	The following restriction controls whether a user's password can contain a maximum number of consecutive characters that are used in the user's full name. The following restriction controls whether a user's a user's password can be part of the full name.
Similarity to email	The following restriction controls whether a user's password can contain a maximum number of consecutive characters that are used in the user's email address. The following restriction controls whether a user's password can be part of the email address.
Repeating same character	The following restriction controls whether a password can contain a maximum occurrences of the same character:
Repeating string	The following restriction controls whether a password can repeat a substring, including: Allowed maximum length of the substring. Allowed maximum number of repeat times.
Special characters	The following restriction controls whether a password must contain a minimum number of special characters: Allowed special characters include $, #, and @.
Beginning character	The following restriction controls whether a password must begin with an alphabetic (a to z) or a numeric character (0 to 9).

Set default policy

The default password policy is assigned automatically to new users.

To set a policy as the default policy:

From the All Policies list, select the target policy.
Click Set as Default Policy , and click OK in the confirmation dialog box.

The default policy is indicated by the green DEF icon.

Assign a policy

All users are by default assigned the default policy. You can assign a different policy to users globally or individually.

If a user's password does not follow the rules of the policy assigned, the users is prompted to update the password in the next login.

To assign a policy globally:

From the All Policies list, select the target policy.
Click Assign Policy to All Users Policy , and click OK in the confirmation dialog box.

The policy is assigned to all site users (for on-premises) or all users of the active customer (for SaaS).

To assign a policy individually:

You can assign a policy to users individually by updating the user's details.

For details, see Update user details.