Password policy management

The Password Policy tab in Site Administration enables you to manage the password policies of your site (for on-premises) or customer (for SaaS) users.

Permission

To access the Password Policy tab, you should have the following permissions:

  • On-premises: Site admins

  • SaaS: Site admins, customer admins, or users who have the User Management > Set User Authentication Policy permission.


Add a policy

Add a password policy and define a custom set of restrictions for the password policy. You can create a policy or copy from an existing policy.

To add a policy:

  1. Open the Site Administration > Password Policy tab.

  2. Click the add policy button.

    Alternatively, you can copy from an existing policy:

    1. From the All Policies list, hover over the policy to copy from.

    2. Click Clone Policy.

  3. Enter the policy name and click the check button.

  4. Define the restrictions for the policy.

    For details about restrictions, see Policy restrictions.

To rename or delete a policy:

  1. From the All Policies list, hover over the policy to rename or delete.

  2. Click Rename Policy or Delete Policy.

    You cannot delete the default policy or any policy that has users associated with it.


Policy restrictions

The following table explains the restrictions you can apply to your password policies.

Restriction On Details
Alphabetic characters

The following restriction controls whether a password must contain a minimum number of alphabetic characters.

Lower case letters

The following restriction controls whether a password must contain a minimum number of lower-case letters.

Valid values: Enter an integer no less than 1.

Upper case letters

The following restriction controls whether a password must contain a minimum number of upper-case letters.

Valid values: Enter an integer no less than 1.

Numeric characters

The following restriction controls whether a password must contain a minimum number of numeric characters.

Valid values: Enter an integer no less than 1.

Minimal length

Maximal length

The following restriction controls whether a password must be no shorter and no longer than a specific length.

Valid values: Enter an integer no less than 8 for the minimum length, and an integer greater than 8 for the maximum length.

Unsuccessful login attempts
  • The following restriction controls whether a user is locked after consecutive failed logins, including:

    • Allowed number of consecutive failed login attempts.

    • Allowed time interval between failed login attempts.

    • How long a user stays locked, before being unlocked automatically, once the allowed limits are reached.

  • The following restriction controls whether a user is permanently locked (until unlocked by an admin) after a maximum number of consecutive failed logins within a specific time period.

    Valid values: Enter an integer between 1 and 8 (inclusive) for consecutive failed login attempts, and an integer no less than 24 for hours.

Note:

When you use both restrictions at the same time, a user is locked when either restriction is reached.
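The interaction of the two lockout restrictions can be modelled as a small state machine. The following is an added example, not the product's code: the field names, the sample values, the rule that a failure arriving later than the allowed interval restarts the streak, and the rule that attempts made during a lock are not counted are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class LockoutPolicy:  # names and values are illustrative, not product settings
    temp_max_failures: int = 3   # consecutive failures before a timed lock
    temp_gap_s: int = 300        # a failure later than this restarts the streak
    temp_lock_s: int = 900       # how long the timed lock lasts
    perm_max_failures: int = 5   # the page allows 1 to 8
    perm_window_h: int = 24      # the page requires at least 24 hours

@dataclass
class Account:
    streak: int = 0
    last_failure: Optional[float] = None
    failures: list = field(default_factory=list)
    locked_until: float = 0.0
    permanently_locked: bool = False

def record_login(acct, policy, now, success):
    """Apply one login attempt at time `now` (seconds) and return the outcome."""
    if acct.permanently_locked:
        return "permanent_lock"          # only an admin unlock clears this
    if now < acct.locked_until:
        return "temporary_lock"          # assumed: rejected and not counted
    if success:
        acct.streak, acct.last_failure, acct.failures = 0, None, []
        return "ok"
    if acct.last_failure is not None and now - acct.last_failure > policy.temp_gap_s:
        acct.streak = 0
    acct.streak += 1
    acct.last_failure = now
    window = policy.perm_window_h * 3600
    acct.failures = [t for t in acct.failures if now - t < window] + [now]
    if len(acct.failures) >= policy.perm_max_failures:
        acct.permanently_locked = True   # either restriction locks the user
        return "permanent_lock"
    if acct.streak >= policy.temp_max_failures:
        acct.locked_until = now + policy.temp_lock_s
        acct.streak = 0
        return "temporary_lock"
    return "failed"

def replay(events, policy):
    """Run constructed (timestamp, success) events against a fresh account."""
    acct = Account()
    return [record_login(acct, policy, t, ok) for t, ok in events]
```
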

Similarity to previous passwords
  • The following restriction controls whether a password can be identical to one of the previous passwords. The passwords are compared in a case-insensitive manner. For example, "abc" is considered identical to "ABC".

  • (For SaaS only) The following restriction controls whether a password can contain a maximum number of consecutive characters that are used in the last password.

Resetting password

The following restriction controls:

  • Whether users must reset their passwords regularly.

  • Whether email notifications should be sent to users a specific number of days before the expiry date.

Valid values: Enter an integer between 1 and 90 (inclusive) for the every <number> days field, and a number between 0 and 90 (inclusive) for the <number> days before field. If you enter 0 for the <number> days before field, no notification email is sent to remind users of the expiry date.

Frequency of changing password

The following restriction controls the maximum number of password changes allowed within a specific time period.

Similarity to login name
  • The following restriction controls whether a user's password can contain a maximum number of consecutive characters that are used in the user's login name.

  • The following restriction controls whether a user's password can be part of the login name.

Similarity to full name
  • The following restriction controls whether a user's password can contain a maximum number of consecutive characters that are used in the user's full name.

  • The following restriction controls whether a user's password can be part of the full name.

Similarity to email
  • The following restriction controls whether a user's password can contain a maximum number of consecutive characters that are used in the user's email address.

  • The following restriction controls whether a user's password can be part of the email address.

Repeating same character

The following restriction controls whether a password can contain a maximum number of occurrences of the same character.

Repeating substring

The following restriction controls whether a password can repeat a string, including:

  • Allowed maximum length of the string.

  • Allowed maximum number of repeat times.

Special characters

The following restriction controls whether a password must contain a minimum number of special characters.

Allowed special characters include $, #, and @.

Beginning character

The following restriction controls whether a password must begin with an alphabetic (a to z) or a numeric character (0 to 9).
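To see how several of these restrictions combine on one candidate password, here is an added example (not the product's code) that checks length, character classes, similarity to login name, full name and email, repeated characters and the beginning character. The field names and sample values are illustrative, and reading "consecutive characters" as the longest common substring, compared case-insensitively, is an assumption.

```python
from dataclasses import dataclass

SPECIALS = "$#@"  # the three characters the page names; the full set is not listed

@dataclass
class Policy:  # field names and defaults are illustrative, not product settings
    min_len: int = 8
    max_len: int = 32
    min_lower: int = 1
    min_upper: int = 1
    min_digit: int = 1
    min_special: int = 1
    max_shared_run: int = 3  # longest run shared with login, full name or email
    max_same_char: int = 3   # occurrences of any one character
    start_alnum: bool = True # must begin with a letter or digit (case ignored here)

def shared_run(a: str, b: str) -> int:
    """Length of the longest substring common to a and b (case-insensitive)."""
    a, b = a.lower(), b.lower()
    best, prev = 0, [0] * (len(b) + 1)
    for ch in a:
        cur = [0] * (len(b) + 1)
        for j, other in enumerate(b, 1):
            if ch == other:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best

def violations(pw: str, p: Policy, identity: dict) -> list:
    """Return the names of the restrictions that pw breaks, in a fixed order."""
    classes = {
        "lower": (sum(c.islower() for c in pw), p.min_lower),
        "upper": (sum(c.isupper() for c in pw), p.min_upper),
        "digit": (sum(c.isdigit() for c in pw), p.min_digit),
        "special": (sum(c in SPECIALS for c in pw), p.min_special),
    }
    out = [] if p.min_len <= len(pw) <= p.max_len else ["length"]
    out += [name for name, (have, need) in classes.items() if have < need]
    out += [f"similar_to_{field}" for field, value in identity.items()
            if shared_run(pw, value) > p.max_shared_run]
    if pw and max(pw.count(c) for c in set(pw)) > p.max_same_char:
        out.append("same_char")
    if p.start_alnum and not (pw[:1].isascii() and pw[:1].isalnum()):
        out.append("start")
    return out

# Constructed sample identity, not taken from the page.
USER = {"login": "jsmith", "full_name": "Jane Smith", "email": "jsmith@example.com"}
```

A password such as "Jsmith#2024" satisfies every character-class rule yet fails all three similarity checks for this sample user, which is why the similarity restrictions are worth enabling alongside the composition rules.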


Set default policy

The default password policy is assigned automatically to new users.

To set a policy as the default policy:

  1. From the All Policies list, select the target policy.

  2. Click Set as Default Policy, and click OK in the confirmation dialog box.

    The default policy is indicated by the green DEF icon.


Assign a policy

All users are by default assigned the default policy. You can assign a different policy to users globally or individually.

If a user's password does not follow the rules of the assigned policy, the user is prompted to update the password at the next login.

To assign a policy globally:

  1. From the All Policies list, select the target policy.

  2. Click Assign Policy to All Users, and click OK in the confirmation dialog box.

    The policy is assigned to all site users (for on-premises) or all users of the active customer (for SaaS).

To assign a policy individually:

You can assign a policy to users individually by updating the Password Policy field in the user's details.

For details, see Update user details.
