You can configure a password policy for a specific group of users by using a password policy profile. You can create different profiles for different groups of users so that the specified password policy is applied for each profile.
To configure password policy for a specific profile, perform the following steps:
1. Click Profiles > Password Policy Profiles.
2. Click View > Always Show Advanced Settings.
3. Select the appropriate LDAP profile name.
4. Configure the following settings:

Field | Description |
---|---|
Password Policy Profile Query Match | Specify the query that matches specific users for the specified profile. |
Minimum Length | Specify the minimum length of the password. Specify zero to disable this feature. |
Maximum Length | Specify the maximum length of the password. Specify zero to disable this feature. |
Maximum Repeat | Specify the maximum number of times a character can be repeated in the password. This is case-insensitive. Specify zero to disable this feature. |
Maximum Sequential Repeat | Specify the maximum number of times a character can be repeated sequentially in the password. This is case-insensitive. Specify zero to disable this feature. |
Allow Numeric Characters | Select this check box to allow numeric characters in the password. |
Allow First Character Numeric | Select this check box to allow the first character of the password to be numeric. This setting is applicable only when numeric characters are allowed in the password. |
Allow Last Character Numeric | Select this check box to allow the last character of the password to be numeric. This setting is applicable only when numeric characters are allowed in the password. |
Maximum Numeric | Specify the maximum number of numeric characters you want to allow in the password. This setting is applicable when you allow numeric characters in the password. Specify zero to disable this feature. |
Minimum Numeric | Specify the minimum number of numeric characters you want to allow in the password. This setting is applicable when you allow numeric characters in the password. Specify zero to disable this feature. |
Allow Special Characters | Select this check box to allow non-alphanumeric characters in the password. |
Allow First Character Special | Select this check box to allow a non-alphanumeric character to be the first character of the password. This setting is applicable when you allow special characters in the password. |
Allow Last Character Special | Select this check box to allow a non-alphanumeric character to be the last character of the password. This setting is applicable when you allow special characters in the password. |
Maximum Special | Specify the maximum number of special characters allowed in the password. This setting is applicable when you allow special characters in the password. Specify zero to disable this feature. |
Minimum Special | Specify the minimum number of special characters required in the password. This setting is applicable when you allow special characters in the password. Specify zero to disable this feature. |
Maximum Alphabetic | Specify the maximum number of alphabetic characters allowed in the password. Specify zero to disable this feature. |
Minimum Alphabetic | Specify the minimum number of alphabetic characters required in the password. Specify zero to disable this feature. |
Maximum Non-Alphabetic | Specify the maximum number of non-alphabetic characters allowed in the password. Specify zero to disable this feature. |
Minimum Non-Alphabetic | Specify the minimum number of non-alphabetic characters required in the password. Specify zero to disable this feature. |
Maximum Uppercase | Specify the maximum number of uppercase characters allowed in the password. Specify zero to disable this feature. |
Minimum Uppercase | Specify the minimum number of uppercase characters required in the password. Specify zero to disable this feature. |
Maximum Lowercase | Specify the maximum number of lowercase characters allowed in the password. Specify zero to disable this feature. |
Minimum Lowercase | Specify the minimum number of lowercase characters required in the password. Specify zero to disable this feature. |
Minimum Unique Characters | Specify the minimum number of unique characters required in the password. Specify zero to disable this feature. |
Maximum Characters from Previous Password | Specify the maximum number of characters that a user can reuse from the previous password in the new password. Specify zero to disable this feature. |
Enable Wordlist | Select this check box to enable users to check the password against the configured Wordlist. |
Enforce Microsoft-AD 2003 Password Complexity | Select this check box to enforce the following Microsoft Active Directory style password complexity rules: |
Disallowed Values | Specify the list of case-insensitive values that you do not want to allow in the password. For example, password, username, and name of the organization. |
Minimum Password Strength | Specify the minimum password strength level required. Values from 45 to 69 are good and values above 69 are strong. A value of zero disables this check. |
Password Change Message | Specify the message to be displayed to the user during password changes. You can include HTML tags in messages. NOTE: A change password message read as part of an LDAP password policy may overwrite this setting. |
Required Regular Expression Matches (Advanced) | Specify a regular expression pattern that a valid password must match. You can list multiple patterns. Patterns must follow the rules listed for the pattern. A pattern must match the entire password to be applied. A partial match is not accepted. |
Disallowed Regular Expression Matches (Advanced) | Specify a regular expression pattern that a password must not match to be allowed. You can list multiple patterns. A partial match is ignored. |
Disallowed Attributes (Advanced) | Specify the list of case-insensitive attributes that you do not want to allow in the password. For example, cn and sn. |
Password Rule Text (Advanced) | Specify the password rules that you want to display to users. If you do not specify the full path, SSPR uses the WEB-INF directory by default. By default, this field is blank and an appropriate rule text is automatically generated. When you configure this setting, the text in this setting replaces the automatically generated rule text. You can use HTML tags. |
Disallow Current Password (Advanced) | Select this check box if you want to prevent users from repeating the current password as the new password. You can use this setting if the login method permits the user's password to be known. |
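
To preview how a candidate profile treats test passwords before applying it, the following added Python example (not SSPR code and not part of the original page) evaluates a subset of the settings above, including the whole-password matching of both regular expression fields. The dictionary key names are hypothetical; reading Maximum Repeat as total occurrences of one character, Disallowed Values as a substring test, and unique characters as case-sensitive are assumptions.

```python
import re
from collections import Counter
from itertools import groupby

# Constructed sample profile; key names are hypothetical stand-ins for the fields above.
SAMPLE_POLICY = {
    "min_length": 10,
    "max_repeat": 3,             # assumed: total occurrences of one character
    "max_sequential_repeat": 2,  # longest run of one character
    "min_unique": 6,
    "disallowed_values": ["password", "example"],
    "required_regex": [r"[A-Za-z0-9!@#$%^&*-]+"],
    "disallowed_regex": [r"\d+"],  # whole-password match: blocks all-digit passwords only
}

def check_password(pw, policy):
    """Return the names of violated settings; an empty list means the password passes."""
    failures = []
    folded = pw.lower()  # the repeat and disallowed-value checks are case-insensitive

    def limit(name):
        return policy.get(name, 0)  # zero (or absent) disables the check

    if limit("min_length") and len(pw) < limit("min_length"):
        failures.append("Minimum Length")
    if limit("max_length") and len(pw) > limit("max_length"):
        failures.append("Maximum Length")
    most_common = max(Counter(folded).values(), default=0)
    if limit("max_repeat") and most_common > limit("max_repeat"):
        failures.append("Maximum Repeat")
    longest_run = max((len(list(g)) for _, g in groupby(folded)), default=0)
    if limit("max_sequential_repeat") and longest_run > limit("max_sequential_repeat"):
        failures.append("Maximum Sequential Repeat")
    # Assumption: unique characters are counted case-sensitively.
    if limit("min_unique") and len(set(pw)) < limit("min_unique"):
        failures.append("Minimum Unique Characters")
    # Assumption: a disallowed value is rejected anywhere inside the password.
    if any(v.lower() in folded for v in policy.get("disallowed_values", [])):
        failures.append("Disallowed Values")
    # Both regex settings consider only a match of the entire password.
    if not all(re.fullmatch(p, pw) for p in policy.get("required_regex", [])):
        failures.append("Required Regular Expression Matches")
    if any(re.fullmatch(p, pw) for p in policy.get("disallowed_regex", [])):
        failures.append("Disallowed Regular Expression Matches")
    return failures
```

Because a partial match is ignored, a Disallowed Regular Expression pattern such as `\d+` does not reject a password that merely contains digits; a pattern meant to block a substring has to be written to cover the whole password.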