Configure password policies
Verify allows for setting password policies for cloud directory users and users authenticating against directories connected via an identity agent.
Any change in the configured policy is enforced next time each user performs a password change. Since Verify passwords are one-way encrypted, there's no way to find existing passwords that don't meet the policy.
Set password policies
Cloud directory users have a local password in Verify. This means we can directly manage the password requirements of these users. To set up a password policy, follow the steps below.
- Navigate to Configuration
- Select the Password policies tab
- Edit the Default password policy
Password strength
This password strength section allows you to set minimum password length. You can also set the minimum characters that need to be alphabetic (a-z) and numeric or special characters (0-9 & symbols). To enable a requirement, check the checkbox and then set the associated value.
Password security
This password security section allows you to configure various security settings for each password. You can set maximum and minimum password age. You can also set the password reuse policy. Additionally, you can set the lock time imposed after repeated failed login attempts.
Enable forgot password
You can enable forgotten password functionality for users authenticating against the Cloud Directory.
To enable forgotten password functionality:
- Navigate to Configuration
- Select Identity Sources
- Select the Cloud Directory source
- Check Enable password reset option
- Save changes
Once enabled, users will see "Forgot password?" on their login page. Currently, forgot password workflows are handled by users providing a known attribute (email address) and if Verify finds a user, it will send that user a link to reset their password. Multi-factor authentication is not included in this flow to protect user fidelity and to prevent exposure of second factors. This keeps the first factor and second factor completely in tact.
Updated 7 months ago