Configuring Password Policy

Default Password Policy #

Password Policy allows an administrator to set up requirements for passwords. They can be set up globally as Defaults, or set for a specific group of users using Domains.

Password Policy covers a range of different criteria, which are outlined below:

User Password Change #

Property
Description
User must change password after reset Determines whether an end user is forced to change a password after an Administrator has reset his/her password.

  1. Yes: Users will be forced to change their password after a password reset.
  2. No: Users can use a valid supplied password after a password reset, and no further action is required.
User must change password if last change date cannot be determined Tells the system what to do in the event a “last changed date” cannot be determined.

  1. Yes: A “last changed date” is required for all passwords. Users will be forced to change their password if a last change date cannot be determined.
  2. No: A “last changed date” is optional, and no further action is required.
Throttle change Determines how often user can change password.

  1. Yes: Users are limited to how often they can change their own password.
  2. No: Users can change their own password as often as they want.

If Yes, an additional field will appear called “Age“. This determines a minimum amount of time before a password can be changed again. Time unit in seconds.

Keep change history Determines whether a history of passwords is kept.

  1. Yes: A history of passwords will be kept.
  2. No: Password history is not stored.

If Yes, an additional “Remember” field will appear. This field allows an administrator to configure the number of passwords stored.

Password Expiration

Property
Description
Never Expires Determines whether passwords will expire.

  1. Yes: Passwords never expire.
  2. No: Passwords will expire after the configured duration of time.

If No, then a “Expires after” field will appear, allowing an administrator to set a duration that determines when passwords expire. Time unit in days.

Warn Expiring Determines whether a warning is sent prior to expiring a password.

  1. Yes: A warning message will be exposed in the client prior to a password being expired.
  2. No: Passwords will expire without warning.

If Yes, then a “Warn” option will appear. This property allows an administrator to configure when an advanced warning of a password expiration should be exposed. Time unit in days before.


Password Length

Property
Description

Set a minimum length

Determines how long a password needs to be.

  1. Yes: Passwords are required to be at least a specified length.
  2. No: Passwords have no specified minimum length.

If Yes, then a “Minimum of” field will appear. This property allows an Administrator to configure the minimum length of all passwords.

Determines a maximum length for a password.

  1. Yes: Passwords are required to be less than or equal to a specified length.
  2. No: Passwords have no specified maximum length.

If Yes, then a “Maximum of” field will appear. This property allows an Administrator to configure the maximum length of all passwords.

Password Syntax

Property
Description

Must contain a digit (0-9)

Determines whether a password is required to have a digit (0-9).

  1. Yes: Passwords are required have a digit.
  2. No: Passwords do not require a digit.
Determines whether a password is required to have an upper case letter (A-Z).

  1. Yes: Passwords are required to have an upper case letter.
  2. No: Passwords do not require an upper case letter.
Must contain a lower case letter Determines whether a password is required to have a lower case letter (a-z).

  1. Yes: Passwords are required to have a lower case letter.
  2. No: Passwords do not require a lower case letter.
Must contain a special character Determines whether a password is required to have a special character.

  1. Yes: Passwords are required to have a special character.
  2. No: Passwords do not require a special character.
Custom Rule Enables a custom rule.

  1. Yes: Enables a custom rule.
  2. No: Hides the custom rule.

If Yes, see “Configure Custom Rule” section below.


Configure Custom Rule
#

Property
Description
Expression Rule entered as a regular expression. For example a password needs an equal sign, plus sign, or ampersand sign: .*[=+&].*
Match Determines match criteria

  1. Yes: Password must match the expression to be valid.
  2. No: Password must not match the expression to be valid.
Description Help text shown to the user in the password form.
Message to the User Message to display the user when password does not match the expression.

Inactive Account

Property
Description

Lock accounts due to inactivity

Determines whether to lock an account due to prolonged inactivity.

  1. Yes: Accounts will be locked after a configured period of inactivity.
  2. No: Accounts will not be locked due to inactivity.

If yes, then a “


Failure Attempts

Property
Lock accounts due to login failures Determines whether to lock an account due to consecutive login failures.

  1. Yes: Accounts will be locked after a configured number of failures.
  2. No: Accounts will not be locked due to login failure attempts.

If yes, see the “Configure Login Failures” section below.

Configure Login Failures #

After consecutive failed login of Determines the number of consecutive failed login attempts before an account is locked
Determines how long to wait before resetting the failure count. Time unit in seconds.
Lock indefinitely Locks an account indefinitely when the number of consecutive failed login attempts is reached
Unlocked after Determines how long an account is required to be locked, before it can be unlocked. Time unit in minutes .

Domain Password Policy #

In addition to configuring the global Password Policy for edgeCore, as detailed above, you can also optionally create a separate Password Policy for one or more individual Domains.

To create a custom Password Policy for an individual Domain, do the following:

  1. Under Provisioning, select Manage By: Domains.
  2. Click the name of the Domain for which you want to create a Password Policy.
  3. Click the “Password Policy” tab.
  4. Set “Inherit Policy from Default?” to No.
  5. Configure the Password Policy settings as described in the sections above.