5.2 Configuring Password Policy for a Profile

You can configure password policy for a specific group of users by using a password policy profile. You can create different profiles for different groups of users so that the specified password policy is applied to each profile.

To configure password policy for a specific profile, perform the following steps:

  1. Click Profiles > Password Policy Profiles.

  2. Click View > Always Show Advanced Settings.

  3. Select the appropriate LDAP profile name.

  4. Configure the following settings:

    Field

    Description

    Password Policy Profile Query Match

    Specify the query that matches specific users for the specified profile.

    Minimum Length

    Specify the minimum length of password. Specify zero to disable this feature.

    Maximum Length

    Specify the maximum length of password. Specify zero to disable this feature.

    Maximum Repeat

    Specify the maximum number of times a character can be repeated in the password. This is case-insensitive. Specify zero to disable this feature.

    Maximum Sequential Repeat

    Specify the maximum number of times a character can be repeated sequentially in the password. This is case-insensitive. Specify zero to disable this feature.

    Allow Numeric Characters

    Select this check box to allow numeric characters in the password.

    Allow First Character Numeric

    Select this check box to allow the first character of the password to be numeric. This setting is applicable only when numeric characters are allowed in the password.

    Allow Last Character Numeric

    Select this check box to allow the last character of the password to be numeric. This setting is applicable only when numeric characters are allowed in the password.

    Maximum Numeric

    Specify the maximum number of numeric characters you want to allow in the password. This setting is applicable when you allow numeric characters in the password. Specify zero to disable this feature.

    Minimum Numeric

    Specify the minimum number of numeric characters required in the password. This setting is applicable when you allow numeric characters in the password. Specify zero to disable this feature.

    Allow Special Characters

    Select this check box to allow non-alphanumeric characters in the password.

    Allow First Character Special

    Select this check box to allow the non-alphanumeric character to be the first character of the password. This setting is applicable when you allow the special characters in the password.

    Allow Last Character Special

    Select this check box to allow the non-alphanumeric character to be the last character of the password. This setting is applicable when you allow the special characters in the password.

    Maximum Special

    Specify the maximum number of special characters allowed in the password. This setting is applicable when you allow the special characters in the password. Specify zero to disable this feature.

    Minimum Special

    Specify the minimum number of special characters required in the password. This setting is applicable when you allow the special characters in the password. Specify zero to disable this feature.

    Maximum Alphabetic

    Specify the maximum number of alphabetic characters allowed in the password. Specify zero to disable this feature.

    Minimum Alphabetic

    Specify the minimum number of alphabetic characters required in the password. Specify zero to disable this feature.

    Maximum Non-Alphabetic

    Specify the maximum number of non-alphabetic characters allowed in the password. Specify zero to disable this feature.

    Minimum Non-Alphabetic

    Specify the minimum number of non-alphabetic characters required in the password. Specify zero to disable this feature.

    Maximum Uppercase

    Specify the maximum number of uppercase characters allowed in the password. Specify zero to disable this feature.

    Minimum Uppercase

    Specify the minimum number of uppercase characters required in the password. Specify zero to disable this feature.

    Maximum Lowercase

    Specify the maximum number of lowercase characters allowed in the password. Specify zero to disable this feature.

    Minimum Lowercase

    Specify the minimum number of lowercase characters required in the password. Specify zero to disable this feature.

    Minimum Unique Characters

    Specify the minimum number of unique characters required in the password. Specify zero to disable this feature.

    Maximum Characters from Previous Password

    Specify the maximum number of characters that a user can reuse from the previous password in the new password. Specify zero to disable this feature.

    Enable Wordlist

    Select this check box to enable users to check the password against the configured Wordlist.

    Enforce Microsoft-AD 2003 Password Complexity

    Select this check box to enforce the following Microsoft Active Directory style password complexity rules:

    • Cannot contain the user's account name or parts of the user's full name that exceed two consecutive characters

    • Must be at least six characters in length

    • Must contain characters from three of the following four categories:

      • English uppercase characters (A through Z)

      • English lowercase characters (a through z)

      • Base 10 digits (0 through 9)

      • Non-alphabetic characters (for example, !, $, #, %)

        NOTE: This option is allowed on Windows Server 2008 R2 SP1 or later.

    Disallowed Values

    Specify the list of case-insensitive values that you do not want to allow in the password. For example, password, username, and name of the organization.

    Minimum Password Strength

    Specify the minimum password strength level required.

    Values from 45 to 69 are considered good, and values above 69 are considered strong. A value of zero disables this check.

    Password Change Message

    Specify the message to be displayed to the user during password changes. You can include HTML tags in messages.

    NOTE: A change password message read as part of an LDAP password policy may overwrite this setting.

    Required Regular Expression Matches (Advanced)

    Specify a regular expression pattern that a valid password must match. You can list multiple patterns. Patterns must follow the rules listed for the pattern. A pattern must match the entire password to be applied. A partial match is not accepted.

    Disallowed Regular Expression Matches (Advanced)

    Specify a regular expression pattern that a password must not match to be allowed. You can list multiple patterns. A partial match is ignored.

    Disallowed Attributes (Advanced)

    Specify the list of case-insensitive attributes that you do not want to allow in the password. For example, cn and sn.

    Password Rule Text (Advanced)

    Specify the password rules that you want to display to users. If you do not specify the full path, SSPR uses the WEB-INF directory by default.

    By default, this field is blank and an appropriate rule text is automatically generated. When you configure this setting, the text in this setting replaces the automatically generated rule text. You can use HTML tags.

    Disallow Current Password (Advanced)

    Select this check box if you want to prevent users from repeating the current password as the new password. You can use this setting if the login method permits the user's password to be known.
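
The following added example (not SSPR code) models four of the settings above so that candidate values can be tried against sample passwords before a profile is changed: Maximum Repeat, Maximum Sequential Repeat, and the required and disallowed regular expression settings with the whole-password matching the table describes. The function name, the sample policy, and the reading of "repeated" as total occurrences of a character are assumptions, and Python's regex syntax may differ in details from the product's regex engine.

```python
import re
from collections import Counter
from itertools import groupby

def check_password(password, max_repeat=0, max_sequential_repeat=0,
                   required_patterns=(), disallowed_patterns=()):
    """Return the list of violated settings (an empty list means the password passes)."""
    violations = []
    folded = password.casefold()  # both repeat checks are case-insensitive

    # Maximum Repeat: occurrences of any one character anywhere in the password
    # (assumed reading of "repeated"). Zero disables the check.
    if max_repeat and folded and max(Counter(folded).values()) > max_repeat:
        violations.append("Maximum Repeat")

    # Maximum Sequential Repeat: longest run of one character back to back.
    if max_sequential_repeat and folded:
        longest = max(len(list(run)) for _, run in groupby(folded))
        if longest > max_sequential_repeat:
            violations.append("Maximum Sequential Repeat")

    # Required patterns: each pattern must match the entire password.
    for pattern in required_patterns:
        if re.fullmatch(pattern, password) is None:
            violations.append(f"Required Regular Expression Matches: {pattern}")

    # Disallowed patterns: only a whole-password match rejects the password;
    # a partial match is ignored, so substring bans need leading/trailing ".*".
    for pattern in disallowed_patterns:
        if re.fullmatch(pattern, password) is not None:
            violations.append(f"Disallowed Regular Expression Matches: {pattern}")

    return violations

# Constructed sample policy and candidate passwords, for illustration only.
POLICY = dict(max_repeat=3, max_sequential_repeat=2,
              required_patterns=[r"[A-Za-z0-9!#$%]{8,}"],
              disallowed_patterns=[r"\d+", r".*2024.*"])

if __name__ == "__main__":
    for candidate in ["Tr1ck#Pony", "AaAbcdefg1", "aXaYaZab12",
                      "Summer2024!", "1234567890"]:
        print(candidate, check_password(candidate, **POLICY))
```

Because a partial match is ignored, a disallowed pattern of `2024` alone would not reject `Summer2024!`; the pattern has to cover the whole password, as `.*2024.*` does.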