This article contains information for On-Premise accounts. If your account is
hosted in the cloud, this article is not applicable.
You can set a password policy without using the default SQL password policy. If you use Active Directory authentication, it is not recommended to configure the password policy through the Edit Site Configuration screen; you can configure the password policy directly through Active Directory. If you activate Password Age, your users are erroneously prompted to change their passwords after the amount of days within the field.
To set a password policy without using the default SQL password policy:
- Click the Edit Site Configuration link from the Main Menu. The Edit Site Configuration screen opens.
- Expand the Password Complexity section.
- Enter the necessary information:
- Minimum Password Length - Fewest number of characters allowed for a password.
- Maximum Invalid Attempts - Number of times a user can enter an invalid password before being locked out of the software. Leave this field blank to disable lock outs.
- Password Age - Number of days before the password expires and a user must create new password.
- The value must be zero (0) or greater. There is no maximum value.
- If value is set to zero (0) passwords will not expire.
- Password History - Number of unique passwords a user must have before a user can reuse a password.
- Case Sensitive - If checked, the casing of password is validated.
- Requires Mixed Case - If checked, the password is required to contain both lowercase and uppercase letters.
- Requires Number - If checked, the password is required to contain a number.
- Requires Symbol - If checked, the password is required to contain a symbol.
- If a value is entered into the Maximum Invalid Attempts field, expand the User Lockout section.
- Enter the following information:
- Lockout Reset Length (in hours) - Number of hours the user is locked out of the software after surpassing the value entered in the Maximum Invalid Attempts field. This applies only to users automatically locked out by Enterprise. Users manually locked out by an administrator are permanently locked and you must manually unlock them.
- Lockout Duration Length (in hours) - Number of hours that must elapse after the first invalid logon attempt before the Maximum Invalid Attempts counter is reset.
- Click OK.
Comments
0 comments
Please sign in to leave a comment.