PhixFlow applies a password policy to:
- all user accounts
- the encrypted files that PhixFlow exports to the download area; see Configuring the Download Area.
Before you create user accounts, it is a good idea to set up the password policy to have the rules your company requires. You can:
- either update the default password policy
- or to create one or more new password policies.
See Adding or Changing a Password Policy, below.
If you are using PhixFlow's accounts to manage user access, users must log in to PhixFlow using the password set in their user properties; see User.
If you do not want to use PhixFlow's accounts to manage user access, but instead want to integrate PhixFlow with a single sign-on system, see:
See also pages in the User Administration topic.
The Default Password Policy
When it is first installed, PhixFlow has one password policy, called Default, which is used for both user and file export passwords; see Using a Different Password Policy, below.
The default password policy requirements for passwords are:
Default password policy requirements | In 8.3.1 and earlier versions | In 8.3.2 and later versions |
|---|---|---|
| Number of characters | 6 | 10 |
| Upper case | - | 1 |
| Lower case | - | 1 |
| Special | - | 1 |
Adding or Changing a Password Policy
To create or change a password policy, in the repository scroll down to the
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|
| Tip |
|---|
If you create a different password policy, remember to update the System Configuration → Advanced → Password Policy or Export Password Policy to use it. |
Using a Different Password Policy
To use a different password policy:
- In the repository, scroll to System Configuration and click to open it.
- Expand the Advanced section.
- Select the policy you require from the drop-down list in the options:
- Password Policy
- Export Password Policy
When you create a user account in PhixFlow, it automatically applies the password policies set in System Configuration at that time. If you subsequently update System Configuration to use a different password policy, existing user accounts are not updated. They will continue to use the previous password policy.
If you want some users to have a different password policy, you will need to update their User account properties:
- Basic Settings → Password Policy
- Export Password options.
Password Policy Properties
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|
Basic Settings
| Note |
|---|
Except for Minimum Length, an empty field means that PhixFlow does not apply a restriction. |
Update to indicate which fields are used in export
| Field | Description | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Name | Name of Enter a name for the password policy. | ||||||||||
| Passwords must have at least: | |||||||||||
| Minimum Length | The Specify the minimum number of characters required in a password. If this field is left empty, the minimum length is 1. | ||||||||||
| Upper Case Chars | The Specify the minimum number of upper case characters [A-Z] required in the a password. | ||||||||||
| Lower Case Chars | The Specify the minimum number of lower case characters [a-z] required in the a password. | ||||||||||
| Numeric Chars | The Specify the minimum number of digits [0-9] required in the a password. | ||||||||||
| Special Chars | The Specify the minimum number of special characters required in the a password. Allowed special characters are:
| ||||||||||
| A new password cannot be the same as: | |||||||||||
| A password used in the last N days | A new password cannot be the same as a password used previously within this number of days. | ||||||||||
| Any of the last N passwords | A new password cannot be the same as any of this number of previous passwords. | ||||||||||
| Password expires after: | |||||||||||
Days Valid | Enter the number of days for which the password is valid. For example, to configure a password that is valid for 6 months, enter The user is not warned that their password is due to expire. To provide the user with a warning and a period of time in which to change their password, set Days to Reset. | ||||||||||
| Days to Reset | Enter the number of days that the password continues to be valid, during which PhixFlow notifies the user that their password is due to expire. For example, to add an extra 2 weeks in which the user can continue to use their password, enter The Days to Reset starts when the Days Valid is exceeded. When the user logs in, PhixFlow displays a message telling them the number of days that remain before their password expires. If the user changes their password during the Days to Reset period, the number of Days Valid starts again. If the user does not change their password, when the Days to Reset is exceeded, the password expires. | ||||||||||
| Lock account after: | |||||||||||
| Failed login attempts | The user's account will be locked after this number of unsuccessful login attempts. | ||||||||||
| Password reset: | |||||||||||
| Allow Reset |
When the user follows this link, they must answer a security question and then provide a new password.
| ||||||||||
| Maximum reset attempts | The maximum number of attempts the user can make to reset their password. After this number of failed attempts to answer a security question, the user must contact their system administrator. | ||||||||||
| Reset links valid for | The link in a reset email is valid for this number of minutes. A link older than this will be rejected. If no value is set, reset links are valid indefinitely. | ||||||||||