Once Password Management is enabled, you can configure the Password Policy. Administrators define password policy based on enterprise requirements. When configured, the Password Options and Challenge Options are used by both the Embedded Credential Collector (ECC) and Detached Credential Collector (DCC).
See Understanding Credential Collection and Login for information on the Credential Collection options.
Follow this procedure to access the Password Policy configuration page.
Various options are available on the password policy configuration page.
Figure 24-1 Password Policy Configuration Page
Table 24-2 describes the configurable Password Policy options (as read from left to right in the console). These elements are used by both the ECC and DCC.
Table 24-2 Password Policy Elements
Element | Description |
---|---|
Minimum Uppercase Characters | Defines the minimum number of uppercase characters required in a password. |
Minimum Lowercase Characters | Sets the minimum number of lowercase characters required in a password. |
Minimum Alphabetic Characters | Defines the minimum number of special characters allowed in the password. |
Minimum Numeric Characters | Sets the minimum number of numeric characters required in a password. |
Minimum Alphanumeric Characters | Defines the minimum number of alphanumeric characters required in a password. |
Minimum Special Characters | Sets the minimum number of special characters required in a password. |
Maximum Special Characters | Defines the maximum number of special characters allowed in a password. |
Minimum Unicode Characters | Defines the minimum number of Unicode characters required in a password. |
Maximum Unicode Characters | Sets the maximum number of Unicode characters allowed in a password. |
Minimum Password Length | Sets the total minimum number of characters required in a password. |
Maximum Password Length | Defines the total maximum number of characters allowed in a password. |
Characters Required | Defines the specific characters that are required in a password. No delimiter is needed or allowed in this definition. |
Characters Not Allowed | Sets the specific characters that cannot be used in a password. No delimiter is needed or allowed in this definition. |
Characters Allowed | Defines all allowed characters in a password. No delimiter is needed or allowed in this definition. |
Substrings Not Allowed | Specific character strings that are not allowed in a password. Use a comma as the delimiter in this definition. |
Alphabetic Character Must Start Password | Specifies that the first character in a password must be alphabetic, when checked. |
Can Include User's Last Name | Specifies that the user's last name is allowed in the password, when checked. |
Can Include User's First Name | Specifies that the user's first name is allowed in the password, when checked. |
Can Include User ID | Specifies that the user's userID is allowed in the password, when checked. |
Warn after (days) | Defines the number of days before a designated date in which a user will be warned about password expiration. For example, you enter 30 in the Expires After (Days) field, and 20 in the Warn After (Days) field, and the password is created on November 1. On November 21, the user will be informed that the password will expire on December 1. This field accepts values from 0 to 999. |
Maximum Attempts | Identifies the maximum number of login attempts a user can make before a lockout. |
Expire after (days) | Defines the period of time (in days) that the password is valid. |
Lockout Duration (minutes) | Identifies the period of time the user is locked out (in minutes) after the designated number of failed login attempts. After this period, the user can attempt a fresh login. |
Permanent Lockout | Specifies permanent lockout after the designated number of failed login attempts. |
Disallow Last | Defines the number of previous passwords that cannot be used when the user changes her password. |
Password Dictionary File | Identifies the physical file on OAM Servers that contains the list of restricted words that cannot be specified in a password. |
Password File Delimiter | Defines the delimiter used in the Password Dictionary file to separate various words. For example, if the file contains |
Password Service URL | The location of various password pages. |
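The following added example (not Oracle code and not part of the original guide) models a subset of the Table 24-2 elements so that a proposed policy can be checked against sample passwords before it is entered in the console, including the delimiter rules and the Warn After / Expire After example. The `Policy` field names, the default values, case-insensitive matching, and treating any non-alphanumeric character as special are assumptions made for illustration; the server's own matching rules may differ.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Policy:
    # Hypothetical field names and defaults mirroring a subset of Table 24-2.
    min_upper: int = 1
    min_lower: int = 1
    min_numeric: int = 1
    min_special: int = 1
    min_length: int = 12
    max_length: int = 64
    chars_not_allowed: str = ""       # no delimiter: every character is one entry
    substrings_not_allowed: str = ""  # comma-delimited list
    alpha_must_start: bool = True
    can_include_user_id: bool = False
    expire_after_days: int = 30
    warn_after_days: int = 20

def violations(pw: str, user_id: str, p: Policy) -> list:
    """Return the Table 24-2 element names that pw fails (empty list = compliant)."""
    counts = {  # element name -> (characters present, characters required)
        "Minimum Uppercase Characters": (sum(c.isupper() for c in pw), p.min_upper),
        "Minimum Lowercase Characters": (sum(c.islower() for c in pw), p.min_lower),
        "Minimum Numeric Characters": (sum(c.isdigit() for c in pw), p.min_numeric),
        # Assumption: "special" means any non-alphanumeric character.
        "Minimum Special Characters": (sum(not c.isalnum() for c in pw), p.min_special),
        "Minimum Password Length": (len(pw), p.min_length),
    }
    out = [name for name, (have, need) in counts.items() if have < need]
    if len(pw) > p.max_length:
        out.append("Maximum Password Length")
    if any(c in p.chars_not_allowed for c in pw):
        out.append("Characters Not Allowed")
    # Assumption: substring and user ID checks ignore case.
    banned = [s for s in p.substrings_not_allowed.split(",") if s]
    if any(s.lower() in pw.lower() for s in banned):
        out.append("Substrings Not Allowed")
    if p.alpha_must_start and not pw[:1].isalpha():
        out.append("Alphabetic Character Must Start Password")
    if not p.can_include_user_id and user_id and user_id.lower() in pw.lower():
        out.append("Can Include User ID")
    return out

def warn_and_expiry(created: date, p: Policy) -> tuple:
    """Dates on which the user is first warned and on which the password expires."""
    return (created + timedelta(days=p.warn_after_days),
            created + timedelta(days=p.expire_after_days))
```
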