Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page is for PhixFlow administrators to set up rules about user passwords. 

Insert excerpt
_admin_user_topic
_admin_user_topic
nopaneltrue

Overview

PhixFlow applies a single password policy to all user accounts. When it is first installed, PhixFlow is configured to use the Default password policy, which only requires a password to have at least 6 characters. 

If you are using PhixFlow's accounts to manage user access, users must log in to PhixFlow using the password set in their user settings; see User. Administrators can use the password policies settings tab to set rules and restrictions for user passwords. You can either change the details of the Default policy or create a different policy. You can A password policy contains the rules about how secure a password must be and how often it should be changed. You can set rules for:

  • the length of characters and the characters they must contain
  • whether passwords can be reused after a time period or an intervening number of different passwords
  • how long passwords can be used before they expire
  • how many login attempts can be made before the account is locked
  • resetting passwords.


Panel
borderColor#7da054
titleColorwhite
titleBGColor#7da054
borderStylesolid
titleSections on this page

Table of Contents
stylenone

NoteIf you create a different password policy, remember to update the System Configuration → Advanced → Password Policy to use it.


PhixFlow applies a password policy to:

Before you create user accounts, it is a good idea to set up the password policy to have the rules your company requires. You can:

  • either update the default password policy
  • or to create one or more new password policies.

See Adding or Changing a Password Policy, below.

If you are using PhixFlow's accounts to manage user access, users must log in to PhixFlow using the password set in their user properties; see User

If you do not want to use PhixFlow's accounts to manage user access, but instead want to integrate PhixFlow with a single sign-on system, see:

See also pages in the  PhixFlow the User Administration topic.

The Default Password Policy

When it is first installed, PhixFlow has one password policy, called  Default, which is used for both user and file export passwords; see Using a Different Password Policy, below.

The default password policy requirements for passwords are:

Default password

policy requirements

In 8.3.1 and
earlier versions
In 8.3.2 and 
later versions
Number of characters610
Upper case-1
Lower case-1
Special-1

Adding or Changing a Password Policy

To create or change a password policy, in the repository scroll down to the 

Insert excerpt
_password_policies_repo
_password_policies_repo
nopaneltrue
  section. Double-click on an existing password policy to edit it. To create a new password policy, right-click
Insert excerpt
_password_policies_repo
_password_standard_settings_standard_settingsnopaneltruepolicies_repo
nopaneltrue
 and click
Insert excerpt
_add
_add
nopaneltrue

Tip

If you create a different password policy, remember to update the System Configuration → Advanced → Password Policy or Export Password Policy to use it.

Using a Different Password Policy

To use a different password policy:

  1. In the repository browser, scroll to System Configuration and click to open its settings; see  System Configurationit.
  2. Expand the Advanced section.
  3. In the Password Policy field, select the Select the policy you require from the drop-down list .
Adding or Changing a
  1. in the options: 
    • Password Policy
    • Export Password Policy

To create or change a password policy, in the repository browser scroll down to the When you create a user account in PhixFlow, it automatically applies the password policies set in System Configuration at that time. If you subsequently update System Configuration to use a different password policy, existing user accounts are not updated. They will continue to use the previous password policy.

If you want some users to have a different password policy, you will need to update their User account properties:

  • Basic Settings → Password Policy
  • Export Password options.

Password Policy Properties

Insert excerpt
_passwordstandard_policies_reposettings
_passwordstandard_policies_reposettings
nopaneltrue
  section. Members of a user group have access to the modelling objects and applications listed in the settings tab. The user group inherits privileges from the roles listed in the settings tab. 

Basic Settings

Note

Except for Minimum Length, an empty field means that PhixFlow does not apply a restriction.


Passwords will expire after
FieldDescription
NameName of Enter a name for the password policy.
Passwords must have at least:
Minimum Length

The Specify the minimum number of characters required in a password. If this field is left empty, the minimum length is 1.

Upper Case CharsThe Specify the minimum number of upper case characters [A-Z] required in the a password.
Lower Case CharsThe Specify the minimum number of lower case characters [a-z] required in the a password.
Numeric CharsThe Specify the minimum number of digits [0-9] required in the a password.
Special Chars

The Specify the minimum number of special characters required in the a password. Allowed special characters are:

 \ ! " # $ % & ( ) * + , . / : ; < = > ? @ [ ] ^ _ { | } ~

A new password cannot be the same as:
A password used in the last N daysA new password cannot be the same as a password used previously within this number of days.
Any of the last N passwordsA new password cannot be the same as any of this number of previous passwords.
Passwords will expire:
After a warning period of N DaysPassword expires after:

Days Valid


Enter the number of days for which the password is valid. For example, to configure a password that is valid for 6 months, enter 180. At the end of this number of days, the password expires.

... and a Grace Period of N DaysIf a grace periods is configured, users will receive a warning about password expiry after the "Expiry Period" but the password will not expire until this additional number of days

The user is not warned that their password is due to expire. To provide the user with a warning and a period of time in which to change their password, set Days to Reset.

Days to Reset

Enter the number of days that the password continues to be valid, during which PhixFlow notifies the user that their password is due to expire. For example, to add an extra 2 weeks in which the user can continue to use their password, enter 14.

The Days to Reset starts when the Days Valid is exceeded. When the user logs in, PhixFlow displays a message telling them the number of days that remain before their password expires.

If the user changes their password during the Days to Reset period, the number of Days Valid starts again.

If the user does not change their password, when the Days to Reset is exceeded, the password expires.

Lock account after:
Failed login attemptsThe user's account will be locked after this number of unsuccessful login attempts.
Password reset:
Allow Reset

Insert excerpt
_check_box_ticked
_check_box_ticked
nopaneltrue
 means a user can request a password-reset link to be emailed to their configured email address.

When the user follows this link, they must answer a security question and then provide a new password. 

Tip

Users configure their security questions in their user settings properties; see User.

To set the From address that PhixFlow uses for password reset emails, go to System Configuration → System Email Address.


Maximum reset attempts

The maximum number of attempts the user can make to reset their password. After this number of failed attempts to answer a security question, the user must contact their system administrator.

Reset links valid for

The link in a reset email is valid for this number of minutes. A link older than this will be rejected.

If no value is set, reset links are valid indefinitely.