About password policy

The application provides an in-built and flexible password policy management for controlling password use and behavior. A password policy is a set of rules to define, control and manage user passwords. You can configure your own rules for the password policy, as applicable. The password policy is set at the organization or enterprise level.

The password policy broadly governs the following password characteristics:
  • Password strength—Password strength controls the length of the password (minimum and maximum length), special characters in the password and password reuse.
  • Password generation—Password generation controls generating a password during user creation, frequency of password expiration, failed login attempts and user roles that may affect the password policy.
  • Password reset—Password reset controls resetting of the password through different protocols such as e-mail, SMS or any other.
  • User authentication—User authentication includes authenticating users by using secret questions and answers whenever a user password is reset or changed.

Additionally, password policy configuration can be used to deny access to users in case of repeated invalid login attempts.

Note: If LDAP is used, the password management must be handled externally.