Chapter 3. Login Configuration

Table of Contents

Setting the Password Policy
Disabling Parallel Logins
Setting the Password Validity
Setting the Session Expiry Time
Redirecting a User to the Login Page When Credentials are not Available

Setting the Password Policy

Passwords must follow the password policy. A default policy is installed in Domain Manager. As shown in the following code, the password policy is configured in module > usergroupdb > password-policy. You can control the minimum and maximum length of passwords, specify whether certain combinations of characters, digits and symbols are required in passwords, and indicate whether a password can match the user name and whether it can be the same as one previously used. Setting the password policy helps comply with the enterprise's security policy.

    
    {"minLength":10,
    "maxLength":20,
    "notSameAsLogon":true,
    "maxPasswordExpiresDays":10,
    "differentPasswordCount":1,
    "mustHaveDigit":true,
    "mustHaveUpperCase":true,
    "mustHaveLowerCase":true,
    "mustHaveSymbolSet":"$",
    "mustNotHaveSymbolSet":"#",
    "retryAttemptLockoutCount":3}
  
  • minLength: Denotes the minimum number of characters a password should have.

    By default, this is set to 0 (zero), which indicates that the password can be of any number of characters.

  • maxLength: Denotes the maximum number of characters a password should have.

    By default, this is set to 0 (zero), which indicates that the password can be of any number of characters.

    Note

    If you set both minLength and maxLength, then the length of the password should be between the two values.

    For example, if minLength is 10 and maxLength is 20, then the password should have at least 10 characters and NOT more than 20 characters.

    If minLength is 0 and maxLength is 20, then the password should be between 1 and 20 characters.

    If minLength is 10 and maxLength is 0, then the password should have at least 10 characters.

  • notSameAsLogon: The default value is false. When set to true, a user's password cannot be the same as the user name.
  • maxPasswordExpiresDays: The maximum number of days a password is valid.

    The default value is 0 (zero), which indicates that the password does not expire.

    For more information, see the section called “Setting the Password Validity”.

  • differentPasswordCount: When set to a value n other than zero, a new password cannot be the same as any of the previous n passwords.

    For example, when set to 5, the new password cannot be the same as the previous 5 passwords.

    The value of this parameter should be between 0 and 5. Any value above 5 will still be taken as 5.

    This indicates that at a maximum, the new password cannot be the same as the previous 5 passwords.

    By default, this is set to 0 (zero), which indicates that there is no restriction about a new password being the same as previous passwords.

  • mustHaveDigit: The default value is false. When set to true, it is mandatory that a password contains a digit (1-9).
  • mustHaveUpperCase: The default value is false. When set to true, it is mandatory that a password contains an upper case letter (A-Z).
  • mustHaveLowerCase: The default value is false. When set to true, it is mandatory that a password contains a lower case letter (a-z).
  • mustHaveSymbolSet: The default value is blank. When set to a symbol or a set of symbols separated by spaces, it is mandatory that a password contains the specified symbol, or the set of specified symbols.
  • mustNotHaveSymbolSet: The default value is blank. When set to a symbol or a set of symbols separated by spaces, it is mandatory that a password does NOT contain the specified symbol, or the set of specified symbols.

    Note

    As an example, if the password policy contains:

        {"mustHaveDigit":true,
        "mustHaveUpperCase":true,
        "mustHaveLowerCase":true,
        "mustHaveSymbolSet":"$ ^",
        "mustNotHaveSymbolSet":"#"}
             

    A password should contain a digit, an upper case letter, a lower case letter and both symbols ($ and ^), and must not contain the symbol (#).

    Hence $A1^2b and ^C32dF$ are valid passwords, while $Eg12# and $A12b are invalid passwords.

  • retryAttemptLockoutCount: When set to a nonzero value, the account is locked after the specified number of login failures.

    The default value is 0 (zero), which indicates that the accounts are never locked, despite repeated login failures.

    Set this parameter to a value other than 0 (zero) to prevent brute force attempts at logging in to Ambience.

    Note

    A locked account can only be restored by an administrator or a domain administrator.

    An administrator account can be locked out as well. This account can also only be restored by another administrator or a domain administrator.
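
The policy keys described above can be exercised offline before a policy is rolled out. The following Python is an added example, not Ambience code: the `violations` function, the `history` argument and the user name `alice` are assumptions, and it applies the documented rules to the four passwords from the note.

```python
import string

# Policy from the note above; keys absent here fall back to the documented defaults.
NOTE_POLICY = {"mustHaveDigit": True, "mustHaveUpperCase": True,
               "mustHaveLowerCase": True, "mustHaveSymbolSet": "$ ^",
               "mustNotHaveSymbolSet": "#"}

CHAR_CLASSES = {"mustHaveDigit": string.digits,  # assumption: 0 also counts as a digit
                "mustHaveUpperCase": string.ascii_uppercase,
                "mustHaveLowerCase": string.ascii_lowercase}


def violations(policy, username, password, history=()):
    """Return the policy keys that `password` violates; an empty list means accepted.

    `history` holds earlier passwords, oldest first (constructed for the example;
    a real store would keep hashes, not plaintext).
    """
    failed = []
    min_len = policy.get("minLength", 0)
    max_len = policy.get("maxLength", 0)
    # 0 disables a bound. Assumption: an empty password is never accepted.
    if len(password) < max(min_len, 1):
        failed.append("minLength")
    if max_len and len(password) > max_len:
        failed.append("maxLength")
    # Assumption: the comparison with the user name is exact (case-sensitive).
    if policy.get("notSameAsLogon", False) and password == username:
        failed.append("notSameAsLogon")
    # Values above 5 are treated as 5, as documented.
    depth = min(policy.get("differentPasswordCount", 0), 5)
    if depth and password in list(history)[-depth:]:
        failed.append("differentPasswordCount")
    for key, chars in CHAR_CLASSES.items():
        if policy.get(key, False) and not any(c in chars for c in password):
            failed.append(key)
    # Symbol sets are space-separated; every required symbol must be present.
    if any(s not in password for s in policy.get("mustHaveSymbolSet", "").split()):
        failed.append("mustHaveSymbolSet")
    if any(s in password for s in policy.get("mustNotHaveSymbolSet", "").split()):
        failed.append("mustNotHaveSymbolSet")
    return failed


if __name__ == "__main__":
    for candidate in ["$A1^2b", "^C32dF$", "$Eg12#", "$A12b"]:  # passwords from the note
        print(candidate, violations(NOTE_POLICY, "alice", candidate) or "accepted")
```

The returned list names every key that failed, so a rejected password can be traced to the exact policy setting responsible.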