Configure the directory password policy
About this task
You need to be either a Global Administrator or Identity Repository Administrator to configure the password policy for your directory users. You will edit the default password policy to assign password requirements, expiration settings and lockout settings.
The PingOne for Enterprise Directory uses HMAC SHA-256 with salt for hashing passwords.
Steps
- Go to Setup → Directory Settings → Password Requirements.
- Change any of the minimum requirement settings as needed:

  | Setting | Description |
  | --- | --- |
  | Minimum Length | The minimum number of characters required. |
  | Minimum Uppercase Characters | The minimum number of uppercase characters required. |
  | Minimum Numbers | The minimum number of numbers required. |
  | Minimum Special Characters | The minimum number of special characters required (such as @ # ! % &). |
  | Block Dictionary Words | If enabled, common dictionary words aren’t allowed as passwords. |
  | Block Prior Passwords | If enabled, previously used passwords aren’t allowed. |
- Assign any of the password expiration settings as needed:

  | Setting | Description |
  | --- | --- |
  | Password Duration | The number of days a password remains valid. When set to 0 (zero), passwords will never expire. |
  | First Notification | The user will receive their first notice of an expiring password this number of days before expiration. |
  | Second Notification | The user will receive their second notice of an expiring password this number of days before expiration. |
  | Password Expiry Notifications | When enabled, an email notification is sent to users prior to their password expiring. |
- Change any of the account lockout settings as needed:

  | Setting | Description |
  | --- | --- |
  | Consecutive Failures to Trigger Lockout | The number of consecutive, failed attempts to sign on needed to trigger an account lockout. |
  | Consecutive Failure Timeframe | The length of time a user remains locked out (in minutes). |
  | Lockout Duration | The length of time without user activity (in minutes) that’s needed before the count of failed sign on attempts is reset to zero. |
  | Password Lockout Notifications | When enabled, an email notification is sent to users when their password has expired and they are locked out. |
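
An added example, not PingOne code: a local Python check that mirrors the minimum requirement settings above, so candidate policy values can be tried against sample passwords before they are applied. It assumes the salt is used as the HMAC key and that Block Dictionary Words is an exact, case-insensitive match (the page specifies neither); the policy values, word list and password history are constructed.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass

@dataclass
class Policy:
    # Fields mirror the minimum requirement settings; the values are constructed.
    min_length: int = 8
    min_uppercase: int = 1
    min_numbers: int = 1
    min_special: int = 1
    block_dictionary: bool = True
    block_prior: bool = True

def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: salt as HMAC key. The page only says "HMAC SHA-256 with salt".
    return hmac.new(salt, password.encode("utf-8"), hashlib.sha256).digest()

def violations(password, policy, history, dictionary):
    """Return the names of the settings the candidate password fails."""
    failed = []
    if len(password) < policy.min_length:
        failed.append("Minimum Length")
    if sum(c.isupper() for c in password) < policy.min_uppercase:
        failed.append("Minimum Uppercase Characters")
    if sum(c.isdigit() for c in password) < policy.min_numbers:
        failed.append("Minimum Numbers")
    if sum(c in string.punctuation for c in password) < policy.min_special:
        failed.append("Minimum Special Characters")
    # Assumption: exact, case-insensitive match against a word list.
    if policy.block_dictionary and password.lower() in dictionary:
        failed.append("Block Dictionary Words")
    # History holds (salt, digest) pairs, never plaintext, so the candidate is
    # re-hashed under each stored salt and compared in constant time.
    if policy.block_prior and any(
        hmac.compare_digest(hash_password(password, salt), digest)
        for salt, digest in history
    ):
        failed.append("Block Prior Passwords")
    return failed

# Constructed sample data for trying out policy values.
DICTIONARY = {"password", "welcome", "sunshine"}
_salt = os.urandom(16)
HISTORY = [(_salt, hash_password("Winter#2023", _salt))]
```

Because only salted digests are kept, the prior-password check cannot detect near-duplicates such as a changed trailing digit; it only catches exact reuse.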