PingOne Advanced Services

Password policies

Password policies contain configurable properties for password expiration, failed sign on attempts, account lockout and other aspects of password and account maintenance. Submit your password policy requests through the service request form on the Support Portal.

About this task

For more information, see About the password policy properties in the PingDirectory Server Administration Guide.

Steps

  1. Complete the following fields:

    • Subject: Enter a description of your request, including the action to be taken.

    • Environment Type: Specify the type of environment affected by this request.

    • Proposed Change Window: Specify the dates or times in which you want the work complete.

  2. In the Capability list, select PingDirectory service requests → Password policies.

  3. In the Password policy name field, provide the name of the password policy you want to add, modify or delete.

  4. If you want to add a new policy, select the New Policy option. If you want to modify or delete an existing policy, leave this field blank.

  5. In the Default password storage scheme field, provide the scheme. The default is Salted SHA-256, but you can specify another supported scheme. See Supported password storage schemes for a complete list.

  6. In the Password validators field, provide the names of the password validators you want to use with this policy. See Password validators for a complete list.

  7. In the Password history count field, specify the number of passwords that users must have before a password can be reused.

  8. In the Password history duration field, specify the amount of time that must pass before a password can be reused.

  9. In the Min age field, specify the minimum amount of time that a user must wait to change their password after a prior password change.

  10. In the Max age field, specify the amount of time that can pass before the password must be changed.

  11. In the Expiration warning interval (0 if expire without warning) field, specify the amount of time prior to a password expiring that the server will warn users about the expiry, or select 0 if you want passwords to expire without warning.

  12. In the Lockout failure count field, specify the number of incorrect passwords that users can enter before they are locked out.

  13. In the Lockout duration field, specify the amount of time an account will remain locked out.

  14. Select the Force change on add option if you want to force users to change their passwords following an administrator reset.

  15. In the Business Priority list, select the appropriate description:

    • Change needed by deadline to avoid business impact

    • Change modifies existing functionality

    • Change adds new functionality

  16. In the Description field, enter a description of your request.

  17. If you are tracking your request within your organization, enter the tracking ID or ticket number associated with it in the Customer Tracking ID field.

  18. To submit your request, click Save.