Passwords must follow the password policy. A default policy is installed in Domain Manager. As shown in the following code, the password policy can be configured in module > usergroupdb > password-policy. You can control the minimum and maximum length of passwords, specify whether certain combinations of characters, digits and symbols are required in passwords, indicate whether a password can match the user name, and whether a password can be the same as one previously used. Setting the password policy helps you comply with the enterprise's security policy.
{"minLength":10, "maxLength":20, "notSameAsLogon":true, "maxPasswordExpiresDays":10, "differentPasswordCount":1, "mustHaveDigit":true, "mustHaveUpperCase":true, "mustHaveLowerCase":true, "mustHaveSymbolSet":"$", "mustNotHaveSymbolSet":"#", "retryAttemptLockoutCount":3}
By default, this is set to 0 (zero), which indicates that the password can be of any number of characters.
By default, this is set to 0 (zero), which indicates that the password can be of any number of characters.
If you set both minLength and maxLength, then the password should be of a number of characters between the two values.
For example, if minLength is 10 and maxLength is 20, then the password should have at least 10 characters and NOT more than 20 characters.
If minLength is 0 and maxLength is 20, then the password should be between 1 and 20 characters.
If minLength is 10 and maxLength is 0, then the password should have at least 10 characters.
false. When set to true, a password cannot be the same as the user name, for a user.
The default value is 0 (zero), which indicates that the password does not expire.
For more information, see the section called “Setting the Password Validity”.
For example, when set to 5, the new password cannot be the same as the previous 5 passwords.
The value of this parameter should be between 0 and 5. Any value above 5 will still be taken as 5.
This indicates that at a maximum, the new password cannot be the same as the previous 5 passwords.
By default, this is set to 0 (zero), which indicates that there is no restriction about a new password being the same as previous passwords.
false. When set to true, it is mandatory that a password contains a digit (1-9).
false. When set to true, it is mandatory that a password contains an upper case letter (A-Z).
false. When set to true, it is mandatory that a password contains a lower case letter (a-z).
As an example, if the password policy contains:
{"mustHaveDigit":true, "mustHaveUpperCase":true, "mustHaveLowerCase":true, "mustHaveSymbolSet":"$ ^", "mustNotHaveSymbolSet":"#"}
A password should contain a digit, an upper case letter, a lower case letter, the symbols ($ and ^) and must not contain the symbol (#).
Hence $A1^2b and ^C32dF$ are valid passwords, while $Eg12# and $A12b are invalid passwords.
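The length and composition rules described above can be checked against candidate passwords before a policy is rolled out. The following is an added Python example, not Ambience code; the function name violations, the user name alice, the space-separated reading of the symbol sets, and the treatment of 0 as a digit are assumptions made for illustration.

```python
import json

# The page's example policy; keys it omits take the documented defaults (0 / false).
POLICY = json.loads(
    '{"mustHaveDigit":true, "mustHaveUpperCase":true, "mustHaveLowerCase":true,'
    ' "mustHaveSymbolSet":"$ ^", "mustNotHaveSymbolSet":"#"}'
)


def violations(password, logon, policy):
    """Return the policy keys that a candidate password violates (empty list = accepted)."""
    failed = []
    min_len = policy.get("minLength", 0)
    max_len = policy.get("maxLength", 0)
    # 0 means no limit on that side; an empty password is still rejected,
    # following the page's "between 1 and 20" reading of minLength 0.
    if len(password) < max(min_len, 1):
        failed.append("minLength")
    if max_len and len(password) > max_len:
        failed.append("maxLength")
    # Assumption: exact, case-sensitive comparison with the user name.
    if policy.get("notSameAsLogon", False) and password == logon:
        failed.append("notSameAsLogon")
    # Assumption: 0 counts as a digit; letters are checked as ASCII A-Z / a-z.
    classes = {
        "mustHaveDigit": "0123456789",
        "mustHaveUpperCase": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
        "mustHaveLowerCase": "abcdefghijklmnopqrstuvwxyz",
    }
    for key, alphabet in classes.items():
        if policy.get(key, False) and not any(c in alphabet for c in password):
            failed.append(key)
    # Assumption: symbol sets are space separated; every required symbol must appear.
    required = policy.get("mustHaveSymbolSet", "").split()
    if any(sym not in password for sym in required):
        failed.append("mustHaveSymbolSet")
    banned = policy.get("mustNotHaveSymbolSet", "").split()
    if any(sym in password for sym in banned):
        failed.append("mustNotHaveSymbolSet")
    return failed


if __name__ == "__main__":
    # The four sample passwords from the page, checked for a constructed user "alice".
    for candidate in ("$A1^2b", "^C32dF$", "$Eg12#", "$A12b"):
        print(candidate, violations(candidate, "alice", POLICY) or "accepted")
```

Returning the violated keys rather than a single boolean makes it easy to tell a user which rule a rejected password broke.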
The default value is 0 (zero), which indicates that the accounts are never locked, despite repeated login failures.
Set this parameter to a value other than 0 (zero) to prevent brute force attempts at logging in to Ambience.
A locked account can only be restored by an administrator or a domain administrator.
An administrator account can be locked out as well. This account can also only be restored by another administrator or a domain administrator.