Note |
---|
If you create a different password policy, remember to update the System Configuration → Advanced → Password Policy to use it. |
If you do not want to use PhixFlow's accounts to manage user access, but instead want to integrate PhixFlow with a single sign-on system, see:
See also pages in the PhixFlow User Administration topic.
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
Using a Different Password Policy
To use a different password policy:
- In the repository browser, scroll to System Configuration and click to open its property tab; see System Configuration.
- Expand the Advanced section.
- In the Password Policy field, select the policy you require from the drop-down list.
Adding or Changing a Password Policy
To create or change a password policy, in the repository browser scroll down to the
Insert excerpt | ||||||
---|---|---|---|---|---|---|
|
Basic Settings
Note |
---|
Except for Minimum Length, an empty field means that PhixFlow does not apply a restriction. |
Field | Description | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Name | Name of the password policy | ||||||||||
Passwords must have at least: | |||||||||||
Minimum Length | The minimum number of characters in password. If this field is left empty, the minimum length is 1. | ||||||||||
Upper Case Chars | The minimum number of upper case characters [A-Z] in the password. | ||||||||||
Lower Case Chars | The minimum number of lower case characters [a-z] in the password. | ||||||||||
Numeric Chars | The minimum number of digits [0-9] in the password. | ||||||||||
Special Chars | The minimum number of special characters in the password. Allowed special characters are:
| ||||||||||
A new password cannot be the same as: | |||||||||||
A password used in the last N days | A new password cannot be the same as a password used previously within this number of days. | ||||||||||
Any of the last N passwords | A new password cannot be the same as any of this number of previous passwords. | ||||||||||
Passwords will expireexpires after: | |||||||||||
After a warning period of N Days Valid | The Enter the number of days for which the password is valid. For example, to configure a password that is valid for before the6 months, enter The user is not warned to changethat their password (if a grace period is configured) or the password expires (if no grace period is configured). | ... and a Grace Period of N Days | If a grace period is configured users will be warned during login that their password is about to expire. The warning will be displayed after the password validity period configured above, for the number of days of the grace period. At the end of the grace period the password will expire is due to expire. To provide the user with a warning and a period of time in which to change their password, set Days to Reset. | ||||||||
Days to Reset | Enter the number of days that the password continues to be valid, during which PhixFlow notifies the user that their password is due to expire. For example, to add an extra 2 weeks in which the user can continue to use their password, enter The Days to Reset starts when the Days Valid is exceeded. When the user logs in, PhixFlow displays a message telling them the number of days that remain before their password expires. If the user changes their password during the Days to Reset period, the number of Days Valid starts again. If the user does not change their password, when the Days to Reset is exceeded, the password expires. | ||||||||||
Lock account after: | |||||||||||
Failed login attempts | The user's account will be locked after this number of unsuccessful login attempts. | ||||||||||
Password reset: | |||||||||||
Allow Reset |
When the user follows this link, they must answer a security question and then provide a new password.
| ||||||||||
Maximum reset attempts | The maximum number of attempts the user can make to reset their password. After this number of failed attempts, the user must contact their system administrator. | ||||||||||
Reset links valid for | The link in a reset email is valid for this number of minutes. A link older than this will be rejected. If no value is set, reset links are valid indefinitely. |