RapidIdentity Administrators' and Users' Guide

Password Policy Manager

The Password Policy Manager allows administrators to define a global password policy through the following criteria:

  • Policies

  • Syntax

  • Restricted Password Values

Navigate to Configuration > Policies > Authentication > Password.

You can create a new policy by clicking the + symbol beneath the listed policies. You can use the Password Policy Manager to create, edit, or delete Custom Policies, modify the Default Policy, or even replace the Default Policy with a Custom Policy.


There are three available tabs on this screen: General, Password Syntax, and Restricted Passwords.

Note

The system evaluates all custom policies' "Affected Users" specifications for a match from top to bottom when deciding which password policy to use for a particular user. If none of the custom policies apply to the user, the Default Policy is used, regardless of where it appears in the list.

Table 62. Password Policy Manager - General Tab

| Section | Field | Description |
|---|---|---|
| General | Name | Give the policy a name that makes it easy to identify. The name is displayed to the user when they are prompted to create a password. (After the policy has been saved, an ID will show up above this field that represents the policy's unique identifier within the system.) |
| | Description | The description is also displayed to the user when they are prompted to create a password. Administrators can use basic HTML formatting to ensure the message is easy to read and understand. |
| | Enabled | Select this checkbox to enable the policy for all applicable users. |
| | Default Policy | Select this checkbox to change this policy to the default. When checked, the Affected Users section will be hidden, and the existing Default Policy will be converted to a Custom Policy. |
| Affected Users | Access Control | Choose whether to filter this policy by Attributes, Roles, or None. If Attribute-based or Role-based is chosen, you will need to set the attribute or role to be used for this feature. (This field is only visible for custom policies.) |
| Password Reset | Allow Password Reset to Attribute Value | Select this checkbox to enable users to reset other users' passwords to a default value. With this enabled, choose which user attribute will provide that value (phone number, username, etc.). |
| | Allow Random Password Generation | Select this checkbox to allow passwords governed by this policy to be reset to random values when performing delegated or self-service password reset. |
| | Default for "User Must Change Password At Next Login" | Select this checkbox to have the "User Must Change Password At Next Login" option selected by default when delegated administrators change the password for other users associated with this policy. |



Table 63. Password Policy Manager - Password Syntax Tab

| Section | Field | Description |
|---|---|---|
| General | Password Length | Define the minimum and maximum number of characters required for the current Password Policy. Note: Setting the minimum length to 0 means RapidIdentity will not enforce a minimum length, and setting the maximum length to 0 means RapidIdentity will not enforce a maximum length for new passwords for users within this policy. If both values are greater than zero, the Minimum Length character count must be less than or equal to the Maximum Length character count. |
| | Regular Expression for Allowed Characters | Enter a regular expression to enforce further password complexity rules as needed. It can require or exclude certain characters when a password is created for users to whom this policy applies. |
| | Character Sets to Meet | The number of Character Sets, as defined in the next section, that the password must meet to satisfy this policy. Note: Upon clicking Save, any number entered here that is greater than the number of nonzero Character Sets will revert to the total number of nonzero Character Sets, with a maximum of 5. |
| | Meet AD Complexity Requirements | Pressing this button changes the Password Length Minimum to 7 and Character Sets to Meet to 3. These are the default Password Complexity requirements as set by the AD industry standard. |
| Character Sets | Uppercase Letters | Define the minimum and maximum number of Uppercase Letters (A-Z) that must be included. Setting or leaving this field at 0 means this character set is not required in the new password, but it may still be allowed. |
| | Lowercase Letters | Define the minimum and maximum number of Lowercase Letters (a-z) that must be included. Setting or leaving this field at 0 means this character set is not required in the new password, but it may still be allowed. |
| | Numbers | Define the minimum and maximum number of Numbers (0-9) that must be included. Setting or leaving this field at 0 means this character set is not required in the new password, but it may still be allowed. |
| | Special Characters | Define the minimum and maximum number of Special Characters (i.e., !"#$%&'()*+,-./:;=?@[\]^_`{\|}~) that must be included. Setting or leaving this field at 0 means this character set is not required in the new password, but it may still be allowed. |
| | Unicode Characters | Define the minimum and maximum number of Unicode Characters that must be included. Setting or leaving this field at 0 means this character set is not required in the new password, but it may still be allowed. |
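
The Password Syntax rules above, modeled as an added Python example for testing a planned policy before rollout. This is not RapidIdentity code: the `SyntaxPolicy` class, the `check_password` function, and the interpretations marked as assumptions in the comments are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Special characters as listed in the table; "unicode" = non-ASCII is an assumption.
SPECIALS = set("!\"#$%&'()*+,-./:;=?@[\\]^_`{|}~")
CLASSES = {
    "uppercase": lambda c: "A" <= c <= "Z",
    "lowercase": lambda c: "a" <= c <= "z",
    "numbers": lambda c: "0" <= c <= "9",
    "special": lambda c: c in SPECIALS,
    "unicode": lambda c: ord(c) > 127,
}

@dataclass
class SyntaxPolicy:  # hypothetical model, not a RapidIdentity object
    min_length: int = 0        # 0 = no minimum enforced
    max_length: int = 0        # 0 = no maximum enforced
    allowed_regex: str = ""    # empty = no character restriction
    sets_to_meet: int = 0
    char_sets: dict = field(default_factory=dict)  # set name -> (min, max)

    def configured_sets(self):
        # Assumption: a "nonzero" set is one whose minimum is greater than 0.
        return {n: mm for n, mm in self.char_sets.items() if mm[0] > 0}

    def save(self):
        if 0 < self.max_length < self.min_length:
            raise ValueError("Minimum Length must be <= Maximum Length")
        # Character Sets to Meet reverts to the number of nonzero sets (max 5).
        self.sets_to_meet = min(self.sets_to_meet, len(self.configured_sets()), 5)
        return self

def check_password(policy, password):
    """Return failure reasons; an empty list means the password passes."""
    errors = []
    if policy.min_length and len(password) < policy.min_length:
        errors.append("too short")
    if policy.max_length and len(password) > policy.max_length:
        errors.append("too long")
    # Assumption: the expression must match the whole password.
    if policy.allowed_regex and not re.fullmatch(policy.allowed_regex, password):
        errors.append("disallowed characters")
    met = 0
    for name, (lo, hi) in policy.configured_sets().items():
        count = sum(1 for c in password if CLASSES[name](c))
        # Assumption: a set maximum of 0 means no upper bound, as with length.
        met += count >= lo and (hi == 0 or count <= hi)
    if met < policy.sets_to_meet:
        errors.append(f"{met} of {policy.sets_to_meet} character sets met")
    return errors
```

A policy left at all zeros accepts every password, including an empty one, so check the values that result after Save rather than the values that were typed in.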



Table 64. Password Policy Manager - Restricted Passwords Tab

| Section | Field | Description |
|---|---|---|
| Match by Text | Case Sensitive Match | Check this box to enforce case sensitivity against any Restricted Passwords defined below. |
| | Full Match | Check this box to restrict any phrases that fully match any of the Restricted Passwords defined below. |
| | Restricted Passwords | Click +Add Another to include any words and phrases that are to be restricted from use in a user's password. Note: Excessively long lists in this field can cause usability or performance issues. |
| Match by Regular Expression | Restricted Passwords | Click +Add Another to include any regular expressions that are to be restricted from use in a user's password. Note: Excessively long lists in this field can cause usability or performance issues. |
| Match by Attribute Value | Case Sensitive Match | Check this box to enforce case sensitivity against any Restricted Attribute Values defined below. |
| | Full Match | Check this box to restrict any Attributes that fully match any of the Restricted Passwords defined below. |
| | Meet AD Complexity Attribute Exclusions | Check this box to enforce AD industry standard complexity requirements when using Attributes to build a user's password. |
| | Restricted Passwords | Click +Add Another to include any Attributes that are to be restricted from use in a user's password. Note: Excessively long lists in this field can cause usability or performance issues. |
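
How the Case Sensitive Match and Full Match checkboxes change which passwords a restricted list rejects, shown as an added Python example that is not RapidIdentity code. The function names, rule layout, and sample user are constructed, and the behavior with Full Match unchecked (the restricted value may appear anywhere in the password) is an assumption.

```python
import re

def value_matches(password, value, case_sensitive, full_match):
    """True when `value` restricts `password` under the two checkbox settings."""
    if not value:
        return False  # an unset attribute must not block every password
    if not case_sensitive:
        password, value = password.casefold(), value.casefold()
    # Assumption: with Full Match unchecked, a restricted value found anywhere
    # in the password counts as a match.
    return password == value if full_match else value in password

def restricted_reasons(password, user_attrs, rules):
    """Return the restricted-password rules that the candidate violates."""
    reasons = []
    text, attr = rules["text"], rules["attribute"]
    for word in text["values"]:
        if value_matches(password, word, text["case_sensitive"], text["full_match"]):
            reasons.append(f"text:{word}")
    for pattern in rules["regex"]:
        # Assumption: an expression restricts the password on any partial match.
        if re.search(pattern, password):
            reasons.append(f"regex:{pattern}")
    for name in attr["names"]:
        value = user_attrs.get(name, "")
        if value_matches(password, value, attr["case_sensitive"], attr["full_match"]):
            reasons.append(f"attribute:{name}")
    return reasons

# Constructed sample data; attribute names and values are illustrative.
USER = {"username": "jsmith", "givenName": "Jordan"}
SUBSTRING_RULES = {
    "text": {"case_sensitive": False, "full_match": False,
             "values": ["password", "welcome"]},
    "regex": [r"(.)\1\1"],  # three identical characters in a row
    "attribute": {"case_sensitive": False, "full_match": False,
                  "names": ["username", "givenName"]},
}
# The same lists with Case Sensitive Match and Full Match both checked.
EXACT_RULES = {
    "text": {**SUBSTRING_RULES["text"], "case_sensitive": True, "full_match": True},
    "regex": SUBSTRING_RULES["regex"],
    "attribute": {**SUBSTRING_RULES["attribute"], "case_sensitive": True, "full_match": True},
}
```

With both boxes checked, "Welcome2024!" and "JSmith111" are no longer caught by the text and attribute lists, so checking them narrows the restriction rather than tightening it.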