You need to be either a Global Administrator or Identity Repository Administrator to configure the password policy for your directory users. You will edit the default password policy to assign password requirements, expiration settings and lockout settings.
Note: The PingOne for Enterprise
Directory uses HMAC SHA-256 with salt for hashing passwords.
- Go to .
-
Change any of the minimum requirement settings as needed:
Setting Description Minimum Length The minimum number of characters required. Minimum Uppercase Characters The minimum number of uppercase characters required. Minimum Numbers The minimum number of numbers required. Minimum Special Characters The minimum number of special characters required (such as, @ # ! % &). Block Dictionary Words If enabled, common dictionary words aren't allowed as passwords. Block Prior Passwords If enabled, previously used passwords aren't allowed. -
Assign any of the password expiration settings as needed:
Setting Description Password Duration The number of days a password remains valid. When set to 0 (zero), passwords will never expire. First Notification The user will receive their first notice of an expiring password this number of days before expiration. Second Notification The user will receive their second notice of an expiring password this number of days before expiration. Password Expiry Notifications When enabled, an email notification is sent to users prior to their password expiring. -
Change any of the account lockout settings as needed:
Setting Description Consecutive Failures to Trigger Lockout The number of consecutive, failed attempts to sign on needed to trigger an account lockout. Consecutive Failure Timeframe The length of time a user remains locked out (in minutes). Lockout Duration The length of time without user activity (in minutes) that's needed before the count of failed sign on attempts is reset to zero. Password Lockout Notifications When enabled, an email notification is sent to users when their password has expired and they are locked out.