How to configure Password Policy


Password Policy enables you to define how strong passwords should be and enforce security rules across your organization. You can set password complexity requirements, expiration periods, similarity rules, password history, and account lockout settings to protect user accounts from unauthorized access.

  • In the Policies section, select Password Policy.

  • Under the Password Policy section, set the minimum and maximum length of passwords. You also have the option to allow certain symbols.

  • Also set a value for Password history. The value for password history cannot be less than 0 or more than 10.
  • This value is the number of most recent passwords ('n') that a new password cannot match when a password is changed or reset for the customer admin or its end users.
  • For instance:
    • If the password history is set to 3 for a customer admin, when an end user's password is changed (e.g., to "Password1"), this is stored in their password history.
    • When the password is changed for the first time after enabling password history, it must follow the password policy and cannot be the same as the current password. For example, the new password could be "Password2."
    • On the second password change, the new password cannot be "Password1" or "Password2," as they are the last two passwords used. The new password must be different and follow the password policy, such as "Password3."
    • For the third password change, the new password cannot be "Password1," "Password2," or "Password3," as they are the last three passwords used. The new password must be different and meet the password policy requirements, for example, "Password4."
    • On the fourth change, the new password cannot be "Password2," "Password3," or "Password4." However, "Password1" can be reused since it is no longer among the last three passwords used.
  • You also have the option to set the password difficulty or complexity. Select the aspects you want in the passwords.
  • Password Similarity Rules: This feature controls how much of a user’s personal information can be reused in their password. This enhances security by preventing easily guessable passwords derived from user details.
  • Configurable Restrictions: The Customer/Superadmin can choose which personal attributes should be restricted from being used in passwords. The selected items will be validated against the password during creation or change.
  • The following attributes can be restricted:

    • Email address
    • Username
    • First name
    • Last name

    Only the selected attributes are checked for password similarity.

  • Maximum Similar Characters Allowed: This setting defines the maximum number of consecutive characters from the selected personal details that are allowed in a password. By default, up to 2 consecutive characters from the selected personal details are allowed.
  • Validation is performed against all selected personal attributes.
  • Example (Username: alexa, Maximum Similar Characters Allowed: 4):

    | Password | Result | Reason |
    |---|---|---|
    | al@123 | Allowed | Contains only 2 consecutive characters (al) |
    | alexa@123 | Not Allowed | Contains 5 consecutive characters (alexa) |

  • Validation while changing password: Based on the selected options under Password Similarity Rules, an inline validation message is shown on the Change Password screen describing the exact password policy requirements.
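
The password history and similarity rules described above, sketched as an added example (not miniOrange's own code). It assumes case-insensitive matching against the whole attribute value and PBKDF2-hashed history entries; the names `longest_shared_run`, `similarity_violations` and `PasswordHistory` are hypothetical.

```python
import hashlib
import hmac
import os
from collections import deque


def longest_shared_run(password: str, attribute: str) -> int:
    """Length of the longest run of consecutive characters found in both strings."""
    a, b = password.lower(), attribute.lower()  # assumption: case-insensitive check
    best = 0
    prev = [0] * (len(b) + 1)
    for ch in a:
        cur = [0] * (len(b) + 1)
        for j, other in enumerate(b, start=1):
            if ch == other:
                cur[j] = prev[j - 1] + 1  # extend the run ending at the previous chars
                best = max(best, cur[j])
        prev = cur
    return best


def similarity_violations(password, attributes, max_similar=2):
    """Names of the selected attributes that share too long a run with the password."""
    return [name for name, value in attributes.items()
            if value and longest_shared_run(password, value) > max_similar]


class PasswordHistory:
    """Remembers salted hashes of the last `size` passwords, never the plaintext."""

    def __init__(self, size: int):
        if not 0 <= size <= 10:  # range stated on the page
            raise ValueError("password history must be between 0 and 10")
        self._entries = deque(maxlen=size)  # oldest entry drops off automatically

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        # Illustrative work factor; tune for the deployment.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def is_reused(self, password: str) -> bool:
        return any(hmac.compare_digest(self._hash(password, salt), digest)
                   for salt, digest in self._entries)

    def record(self, password: str) -> None:
        salt = os.urandom(16)
        self._entries.append((salt, self._hash(password, salt)))
```
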


  • Lock-Out Settings:
    • For locked user accounts, you have the option to enable an email informing users that their accounts are locked.
    • You can also enable the Forgot Password option along with a maximum number of login attempts.

  • Enduser Password Settings:
    • In the end-user password settings, enabling the setting requires users to update their password on their next login following a password reset by the admin.
    • Click the Save details button to save all the changes you made in the password settings.