Configuring password policy

The password policy determines the requirements, such as minimum length and special characters, for user passwords.

Procedure

  1. Expand the menu options, click Administration, and click Password policy.
  2. Provide values in the following fields.
    If the password specified by a user does not satisfy the requirements that are specified in the fields of the General tab, the password is not accepted.
    Fields Description
    Minimum length Select the minimum length of the password.
    Maximum length Select the maximum length of the password.
    Minimum number of lowercase letters Select the minimum number of lowercase characters that must be provided.
    Allow special characters Select whether special characters are allowed.
    Minimum number of special characters Select the minimum number of special characters that must be provided.
    Special characters Provide the special characters that are allowed.
    Allow uppercase letters Select whether uppercase characters are allowed.
    Minimum number of uppercase letters Select the minimum number of uppercase characters that must be provided.
    Allow numbers Select whether numbers are allowed.
    Minimum number of numbers Select the minimum number of digits that must be provided.
    Allow commonly used password Select whether commonly used passwords can be provided.
    Common password (s) Provide the list of common passwords that must not be allowed.
    Allow sequential characters Select whether sequential characters are allowed.
    Minimum sequential characters Select the minimum number of sequential characters that must be provided.
    Allow repetitive characters Select whether redundant characters are allowed.
    Minimum repetitive characters Select the minimum number of repetitive characters that must be provided.
    Allow context-related password Select whether context-related passwords are allowed.
    Minimum context-related characters Select the minimum number of context-related characters that must be provided.
  3. In the Advanced tab, enable the following based on your requirements.
    Field Description
    Force change before first login Turn on to enforce the password change during user's first sign-in. When the setting is turned on, and if a user requests for a password reset, then a password change is enforced when the user logs in for the first time by using the system-generated reset password.
    Force change after reset Turn on to enforce the password change when a user resets the password and signs in to the application. You can turn on the setting to enforce users to change their password when they request for a password reset and sign in by using the newly reset password.
    Note: This setting is applicable only when the Force change before first login setting is enabled.
    Force different password Turn on to enforce to provide a different password if the user provides a password that is already in use.
    Activate reset confirmation Turn on to send a confirmation email for password reset. When you enable the setting, a password reset link that the user can use to reset their password.

    If the setting is not enabled, then a system-generated password is sent to user. When a system-generated password is sent to user you can enforce the change of password by turning on the Force change before first login setting. The system-generated password could be random and shared via email in plain text format. Hence, the user can change to a password that the user can easily remember.

    Link lifetime (in minutes) Provide the validity period for the confirmation link, in minutes.
    Activate password expiry Turn on to specify the number of days after which a password expires.

    In the Password lifetime (in days) field, specify the number of days a password is valid.

    Password lifetime (in days) Provide the number of days that a password must be valid. Passwords become invalid after the specified lifetime and users are asked to reset their passwords.
    Note: This field is visible only when Activate password expiry is turned on.
  4. Click Save.
    Your changes are saved.
    The set of password rules that are enabled here enhances the user account security by mandating users to employ strong passwords and use them properly.