Password Policy
- Updated on 08 Aug 2024
A Password Policy outlines rules and requirements for creating and managing passwords within an application, essential for safeguarding against security threats. It is necessary to enforce such policies to enhance overall security. Users are provided with the option to customize these guidelines to suit specific organizational needs, ensuring stronger passwords are consistently chosen for increased protection.
You can configure the Password Policy for your organization at three different levels:
- Global - You can configure the Password Policy at the instance level.
- Domain - You can configure the Password Policy at the Domain level.
- Sub Domain - You can configure the Password Policy at the Sub Domain level.
Global
Enables you to configure rules and guidelines for password management across the organization at the instance level.
To configure the Password Policy at Global level, perform the following steps:
- Navigate to Platform Studio > Platform Topology > Global Settings > Password Policy.
  The Password Policy screen is displayed.
  Figure: Password Policy
- Enter the required details as mentioned in the following table and click Save.
Field | Description |
---|---|
Minimum length of characters | Enter the minimum number of characters required for a password. The value must be 8 or more. Only numerical values are accepted. |
Password Expiry (In Days) | Specify the number of days after which passwords will expire and need to be renewed. Enter a numerical value for the expiration period. |
Password Expiry Alert (In Days) | Enter the number of days before password expiration when users will receive an alert. Only numerical values are accepted. |
Number of wrong password attempts | Set the maximum number of wrong password attempts allowed before an account is temporarily locked. By default, this is set to three attempts. |
Unlock account in (Minutes) | Specify the time period (in minutes) after which a locked account will be automatically unlocked. By default, this is set to 10 minutes. |
Password should not be the same as last passwords (in numbers) | Enter the number of previous passwords that a new password must differ from. Only numerical values are accepted. |
Should have at least one special characters (ex:!@#$%*&/,\) | Enable this toggle to require that the password include at least one special character (e.g., !@#$%*&/,). |
Exclude any special character (ex: !@#$%*&/,\) | Enter the special characters that passwords must not include. |
Include at least one Upper Case letter (ex:ABCD) | Enable this toggle to require that the password include at least one uppercase letter (e.g., ABCD). |
Include at least one Lower Case letter (ex:abcd) | Enable this toggle to require that the password include at least one lowercase letter (e.g., abcd). |
Should have at least one number (ex:12345) | Enable this toggle to require that the password include at least one number (e.g., 1234). |
Should have at least one alphabet (ex: Abcde) | Enable this toggle to require that the password include at least one alphabetic character (e.g., Abcde). |
Cannot contain username or Email address | Enable this toggle to prevent passwords from containing the username or email address. For example, if the user's email ID is John.Steven@xyz.com, the password cannot be entered as "John.Steven@xyz.com". |
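The composition rules from the table above, written out as a checker that reports which rules a candidate password breaks. This is an added example, not the product's own code: the field names, the `violations` function, the use of `string.punctuation` as the definition of a special character, and the case-insensitive username/email comparison are all assumptions. Expiry, lockout and password history are left out.

```python
# Added example: field names mirror the table above; they are assumptions,
# not the product's actual configuration keys or code.
import string
from dataclasses import dataclass

SPECIALS = set(string.punctuation)  # assumed definition of "special character"

@dataclass
class PasswordPolicy:
    min_length: int = 8
    require_special: bool = True
    excluded_chars: str = ""       # "Exclude any special character"
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_alpha: bool = True
    forbid_identity: bool = True   # "Cannot contain username or Email address"

    def __post_init__(self):
        if self.min_length < 8:
            raise ValueError("minimum length must be 8 or more")
        # Requiring a special character while excluding all of them can never
        # be satisfied, so reject that combination at configuration time.
        if self.require_special and SPECIALS <= set(self.excluded_chars):
            raise ValueError("every special character is excluded")

def violations(password, policy, username="", email=""):
    """Return the names of the rules the password breaks (empty = accepted)."""
    found = []
    if len(password) < policy.min_length:
        found.append("min_length")
    if policy.require_special and not any(c in SPECIALS for c in password):
        found.append("require_special")
    if any(c in policy.excluded_chars for c in password):
        found.append("excluded_chars")
    if policy.require_upper and not any(c.isupper() for c in password):
        found.append("require_upper")
    if policy.require_lower and not any(c.islower() for c in password):
        found.append("require_lower")
    if policy.require_digit and not any(c.isdigit() for c in password):
        found.append("require_digit")
    if policy.require_alpha and not any(c.isalpha() for c in password):
        found.append("require_alpha")
    if policy.forbid_identity:
        lowered = password.lower()  # assumption: comparison ignores case
        if any(v and v.lower() in lowered for v in (username, email)):
            found.append("forbid_identity")
    return found
```

Returning every broken rule, rather than stopping at the first, lets a change-password form tell the user everything to fix in one pass.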
Domain
Select the Domain for which you need to configure the Password Policy. This configuration will apply to the entire application.
Sub Domain
Select the Sub Domain for which you need to configure the Password Policy.