Defining security settings
The Security Policies page enables administrators to create and manage password policies for users. These settings control password requirements, expiration period, and the reuse policy.
To view security policies, in the Admin console, click Settings > Security Settings.
Create or edit a security policy
To create a new policy:
- Click Add New Policy. To edit an existing policy, click a policy name in the list and then click Edit so that you can make updates.
For new policies, the Add New Policy page displays.
- In the Details section, define a Policy Name and Description. It is helpful if the description includes information on the intent and target roles for the policy.
- In the Authentication Type list, select whether the policy will use a standard password, or will be used with single sign-on. See Create the SSO security policy if you are creating an SSO policy.
- Choose the password requirements for each user's password:
- Number - Enforce at least one number.
- Upper-case letter - Enforce at least one upper-case letter.
- Lower-case letter - Enforce at least one lower-case letter.
- Special character - Enforce at least one symbol character.
- In the Minimum Password Length list, select a minimum length for a user's password.
- In the Password Expiration list, select an expiration time, or none, for a user's password.
- In the Password History Reuse list, select a setting to specify whether users can reuse previously used passwords.
- Save your changes.
The next time a user changes their password, these requirements will be applied.
Reset all passwords
Resetting all passwords can help you enforce a new password security policy A user-assigned configuration that defines Network permissions and security-related preferences.. For example, if you change the minimum length, resetting all passwords forces users to create passwords that comply with the new minimum length requirement. When you choose to reset all passwords, all users receive a notification email at the account specified in their profiles.
On the Security Settings page, click Reset All Passwords.
Log in attempts
For standard password policies, users are allowed five unsuccessful log in attempts. After the fifth attempt, they will be locked out of the Network instance. To enable their account again, they can click the Forgot your password link and reset their password.