Define Password Policy

Creating a password policy lets you set up the rules or conditions for the use of passwords by all users in your organization.

You can define a password policy for a user category so that it applies to all the users of that user category.

  1. On the User Category: Details page, click Password Policy.
  2. Click Edit.
  3. Set the following values:
    • Days Before Password Expiration – Specifies the number of days for which a password remains valid. After this period, users must reset their passwords. By default, users whose passwords expire must use the Forgot Password option.
    • Days Before Password Expiry Warning – Specifies when a user is notified that a password is about to expire. By default, users are prompted to sign in and change their passwords. This value must be equal to or less than the value of the Days Before Password Expiration option.
      Note: Make sure that the value you provide for Days Before Password Expiry Warning is less than the value for Days Before Password Expiration. Otherwise, there wouldn't be enough time for users to respond to the expiry warning notification.
    • Hours Before Password Reset Token Expiration – Specifies how long the reset-password link remains active in the notification email that's sent when users request a password reset. If the link expires before the password is reset, then the reset must be requested again.
      Note: The Password Expiry Report sends the password expiration warning and password expired notifications. We recommend that you schedule this report to run daily to help users know when their passwords have to be reset.
  4. Select a password complexity type that defines a password format. The parameters and their values automatically change based on the selected option.

    Password Complexity Options

    Complexity Type | Requirement
    Simple          | Must contain at least 8 characters, 1 number. This is the default complexity type.
    Complex         | Must contain at least 8 characters, 1 uppercase, 1 number
    Very Complex    | Must contain at least 8 characters, 1 uppercase, 1 number, 1 special character
    Custom          | Provides the flexibility to specify a combination of parameters to define a custom password. By default, the parameters are populated with a predefined set of values to get you started.

    Note: For more information about defining a custom password, see the topic Configure a Custom Password Policy in the Related Topics section.
  5. Select Disallow last password to ensure that the new password is different from the last password. If the user requests password reset by selecting Settings and Actions > Set Preferences > Password, then this option determines whether the last password can be reused. However, when a user's password expires, the user can reuse the last password. This option doesn't affect password reuse after expiry. This option doesn't take effect the first time a password is reset if a user is moved from a user category that didn’t have the Disallow last password option checked.
  6. Leave the Administrator can manually reset password option selected. Passwords can be either generated automatically or reset manually by the IT Security Manager. Select this option to allow user passwords to be reset manually. All passwords, whether reset manually or generated automatically, must satisfy the current complexity rule.
    Note: If you deselect this option, then the Reset Password dialog box doesn’t display the option to manually change the password. The application automatically resets the password when the user requests it.
  7. Click Save and Close.
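
The following is an added example, not part of the product or its documentation: a small Python audit helper that checks a candidate password against the three predefined complexity types and reviews a set of policy values against the rules described in steps 3 and 5. The dictionary field names are hypothetical, and treating any ASCII punctuation character as a "special character" is an assumption, because this page doesn't define the set.

```python
import string

# Predefined complexity types from the table above:
# (min length, needs uppercase, needs number, needs special character).
# Assumption: "special character" means any ASCII punctuation character.
COMPLEXITY_TYPES = {
    "Simple": (8, False, True, False),
    "Complex": (8, True, True, False),
    "Very Complex": (8, True, True, True),
}

def password_failures(password, complexity_type):
    """Return the requirements the password fails for the given complexity type."""
    min_len, need_upper, need_digit, need_special = COMPLEXITY_TYPES[complexity_type]
    failures = []
    if len(password) < min_len:
        failures.append(f"at least {min_len} characters")
    if need_upper and not any(c.isupper() for c in password):
        failures.append("1 uppercase")
    if need_digit and not any(c.isdigit() for c in password):
        failures.append("1 number")
    if need_special and not any(c in string.punctuation for c in password):
        failures.append("1 special character")
    return failures

def policy_findings(policy):
    """Review a policy dict (hypothetical field names) against the rules on this page."""
    findings = []
    expire = policy["days_before_expiration"]
    warn = policy["days_before_expiry_warning"]
    if warn > expire:
        findings.append("ERROR: expiry warning exceeds password expiration")
    elif warn == expire:
        findings.append("WARN: warning equals expiration; users get no time to respond")
    if not policy["disallow_last_password"]:
        findings.append("WARN: last password can be reused on user-initiated reset")
    if policy["complexity_type"] not in (*COMPLEXITY_TYPES, "Custom"):
        findings.append("ERROR: unknown complexity type")
    return findings

if __name__ == "__main__":
    # Constructed sample policy and passwords, for illustration only.
    sample = {"days_before_expiration": 90, "days_before_expiry_warning": 90,
              "disallow_last_password": False, "complexity_type": "Simple"}
    for finding in policy_findings(sample):
        print(finding)
    for pw in ("summer2024", "Summer2024", "Summer2024!"):
        print(pw, {t: password_failures(pw, t) for t in COMPLEXITY_TYPES})
```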