The Security Settings page enables Admins to specify a password policy for their account.
To configure password settings you must have Enable password management enabled for your account. For more information, contact our Support Team.
To specify a password policy for your account:
- Go to Admin > Security Settings.
- Specify the following password rules:
- Toggle the Enable password expiry notification to ON to set up notifications leading up to password expiration dates. Then you can optionally change the values of the following parameters:
- First notification will be sent days prior to password expiry (7 or 14)
- Number of notifications prior to expiry (0, 1, 2, 3, 4, or 5)
|Password Setting||Possible Values||Default Value|
|Minimum number of days before a password can be changed||Integers between 0 (default) and 365||0- indicates that passwords can be changed immediately.|
|Number of passwords the system will store in history||Integers between 0 and 30||0- indicates that no password history will be stored and the password can be re-used immediately.|
|Days until password expires||Integers between 0 and 365||0 - indicates that passwords never expire.|
- Specify the Minimum password length (in characters). The possible values are integers between 0 and 100.
- Check the box beside the any of the four rules you want all passwords to satisfy (you can select more than one):
One or more uppercase characters
One or more lowercase characters
One or more numbers
One or more of these special characters (~ ! @ # $ % ^ & *)
Select the Number of rules required — i.e., how many of the rules in Step 5 must be met by each password.
Select the Maximum invalid login attempts — i.e., how many times a user can provide an incorrect password before their account is locked out.
The following additional security settings can be configured or changed by contacting our Support Team.
Password URL expiration: When a user requests a password reset they will be redirected to a password reset URL. By default, this URL will expire after 60 minutes.
Idle access lockout: The default amount of time a user can remain idle is 30 minutes, after which they will be automatically logged off.