Default Password Policy
Password Policy allows an administrator to set up requirements for passwords. They can be set up globally as Defaults, or set for a specific group of users using Domains.
Password Policy covers a range of different criteria, which are outlined below:
User Password Change
| Property | Description |
|---|---|
| User must change Password after reset | Determines whether an end-user is forced to change a password after an administrator has reset his/her password. |
| User must change Password if the last change date cannot be determined | Tells system what to do in the event a “last changed date” cannot be determined. Yes: A “last changed date” is required for all passwords. Users will be forced to change their password if the last change date cannot be determined. No: A “last changed date” is optional, and no further action is required. |
| Throttle Change | Determines how often users can change passwords. Yes: Users are limited to how often they can change their own password. No: Users can change their own password as often as they want. |
| Keep Change History | Determines whether a history of passwords is kept. Yes: A history of passwords will be kept. No: Password history is not stored. |
Password Expiration
| Property | Description |
|---|---|
| Never Expires | Determines whether passwords will expire. Yes: Passwords never expire. No: Passwords will expire after the configured duration of time. If No, then an Expires After field will appear, allowing an Administrator to set a duration that determines when passwords expire. Time unit in days. |
| Warn Expiring | Determines whether a warning is sent prior to expiring a password. Yes: A warning message will be exposed in the client proper to a password being expired. No: Passwords will expire without warning. If Yes, then a Warn option will appear. This property allows an Administrator to configure when an advanced warning of a password expiration should be exposed. Time unit in days before. |
Password Length
| Property | Description |
|---|---|
| Set a Minimum Length | Determines how long a password needs to be. Yes: Passwords are required to be at least a specified length. No: Passwords have no specified minimum length. If Yes, then a Minimum of the field will appear. This property allows an Administrator to configure the minimum length of all passwords. |
| Set a Maximum Length | Determines a maximum length for a password. Yes: Passwords are required to be less than or equal to a specified length. No: Passwords have no specified maximum length. If Yes, then a Maximum of options will appear. This property allows an Administrator to configure the maximum length of all passwords. |
Password Syntax
| Property | Description |
|---|---|
| Must contain a digit (0-9) | Determines whether a password is required to have a digit (0-9). Yes: Passwords are required to have a digit. No: Passwords do not require a digit. |
| Must contain an upper case letter | Determines whether a password is required to have an upper case letter (A-Z) Yes: Passwords are required to have an upper case letter. No: Passwords do not require an upper case letter. |
| Must contain a lower-case letter | Determines whether a password is required to have a lower-case letter (a-z). Yes: Passwords are required to have a lower case letter. No: Passwords do not require a lower case letter. |
| Must contain a special character | Determines whether a password is required to have a special character. Yes: Passwords are required to have a special character. No: Passwords do not require a special character |
| Custom Rule | Enables a custom rule. If yes, see “Configure Custom Rule” section below. |
Configure Custom Rule
| Property | Description |
|---|---|
| Expression | Rule entered as a regular expression. For example, a password needs an equal sign, plus sign, or ampersand sign. .*[=+&].* |
| Match | Determines match criteria Yes: Password must match the expression to be valid. No: Password must not match the expression to be valid. |
| Description | Help text is shown to the user in the password form. |
| Message to the User | Message to display the user when the password does not match the expression. |
Inactive Account
| Property | Description |
|---|---|
| Lock accounts due to inactivity | Determines whether to lock an account due to prolonged inactivity. Yes: Accounts will be locked after a configured period of inactivity. No: Accounts will not be locked due to inactivity. If Yes, then a After Inactivity Of field will appear, allowing an Administrator to configure how long an account can remain inactive before being locked. Time unit in days. |
Failure Attempts
| Property | Description |
|---|---|
| Lock accounts due to login failures | Determines whether to lock an account due to consecutive login failures. Yes: Accounts will be locked after a configured number of failures No: Accounts will not be locked due to login failure attempts. If Yes, see the “Configure Login Failures” section below. |
Configure Login Failures
- After consecutive failed login of – Determines the number of consecutive failed login attempts before an account is locked.
- Reset Failure count after – Determines how long to wait before resetting the failure count. Time unit in seconds.
- Lock indefinitely – Locks an account indefinitely when the number of consecutive failed login attempts is reached.
- Unlocked after – Determines how long an account is required to be locked, before it can be unlocked. Time unit in minutes.
Domain Password Policy
In addition to configuring the global Password Policy for edgeCore, as detailed above, you can also optionally create a separate Password Policy for one or more individual Domains.
To create a custom Password Policy for an individual Domain, do the following:
- Under Provisioning, select Manage By: Domains.
- Click the name of the Domain for which you want to create a Password Policy.
- Click the “Password Policy” tab.
- Set “Inherit Policy from Default?” to No.
- Configure the Password Policy settings as described in the sections above.