This page is for PhixFlow administrators to set up rules about user passwords. For related information, see the PhixFlow User Administration topic.

Overview

PhixFlow applies a single password policy to all user accounts. When it is first installed, PhixFlow is configured to use the Default password policy, which only requires a password to have at least 6 characters.

If you are using PhixFlow's accounts to manage user access, users must log in to PhixFlow using the password set in their user properties; see User. Administrators can use the password policies property tab to set rules and restrictions for user passwords. You can either change the details of the Default policy or create a different policy. You can set rules for:

the length of characters and the characters they must contain
whether passwords can be reused after a time period or an intervening number of different passwords
how long passwords can be used before they expire
how many login attempts can be made before the account is locked
resetting passwords.

Sections on this page

If you create a different password policy, remember to update the System Configuration → Advanced → Password Policy to use it.

If you do not want to use PhixFlow's accounts to manage user access, but instead want to integrate PhixFlow with a single sign-on system, see:

See also pages in the PhixFlow User Administration topic.

The toolbar has the standard icons. For information about the sections Parent Details, Analysis Models, Description and Audit Summary, see Common Properties. For information about other property tabs, see Form Descriptions.

Using a Different Password Policy

To use a different password policy:

In the repository browser, scroll to System Configuration and click to open its property tab; see System Configuration.
Expand the Advanced section.
In the Password Policy field, select the policy you require from the drop-down list.

Adding or Changing a Password Policy

To create or change a password policy, in the repository browser scroll down to the Password Policies section. Members of a user group have access to the modelling objects and applications listed in the property tab. The user group inherits privileges from the roles listed in the property tab.

Basic Settings

Except for Minimum Length, an empty field means that PhixFlow does not apply a restriction.

Field	Description
Name	Name of the password policy
Passwords must have at least:
Minimum Length	The minimum number of characters in password. If this field is left empty, the minimum length is 1.
Upper Case Chars	The minimum number of upper case characters [A-Z] in the password.
Lower Case Chars	The minimum number of lower case characters [a-z] in the password.
Numeric Chars	The minimum number of digits [0-9] in the password.
Special Chars	The minimum number of special characters in the password. Allowed special characters are: `\ ! " # $ % & ( ) * + , . / : ; < = > ? @ [ ] ^ _ { \| } ~`
A new password cannot be the same as:
A password used in the last N days	A new password cannot be the same as a password used previously within this number of days.
Any of the last N passwords	A new password cannot be the same as any of this number of previous passwords.
Passwords will expire:
After a warning period of N Days	Passwords will expire after this number of days.
... and a Grace Period of N Days	If a grace periods is configured, users will receive a warning about password expiry after the "Expiry Period" but the password will not expire until this additional number of days.
Lock account after:
Failed login attempts	The user's account will be locked after this number of unsuccessful login attempts.
Password reset:
Allow Reset	Tick means a user can request a password-reset link to be emailed to their configured email address. When the user follows this link, they must answer a security question and then provide a new password. Users configure their security questions in their user properties; see User. To set the `From` address that PhixFlow uses for password reset emails, go to System Configuration → System Email Address.
Maximum reset attempts	The maximum number of attempts the user can make to reset their password. After this number of failed attempts, the user must contact their system administrator.
Reset links valid for	The link in a reset email is valid for this number of minutes. A link older than this will be rejected. If no value is set, reset links are valid indefinitely.