Overview
Password aging enforcement is a critical security measure designed to ensure that users regularly update their passwords to maintain account security. By enabling password aging enforcement, administrators can define the maximum duration for which a password can be used before it must be changed. Additionally, they can configure warning periods and grace periods to inform users about impending password expiration and provide them with a time window to update their password before a password change is required in order to access their account.
Enable and Configure Password Aging Policy
To enable this feature:
-
Navigate to Administration > Configuration
-
Set Authentication/SeeqDirectory/EnforcePasswordAge to
true -
Configure any optional parameters (see table below).
-
Save your changes
Once this policy is enabled, existing passwords older than 90 days must be reset. Users with passwords expiring within the next 7 days will receive warnings. Users with expired passwords will be unable to log in if the PasswordExpirationGracePeriod is set to 0.
Options
|
Configuration |
Default |
|---|---|
|
Authentication/SeeqDirectory/EnforcePasswordAge
|
|
|
Authentication/SeeqDirectory/MaxPasswordAge The maximum duration (in days) that a user's password can be used before the system requires a password change. |
90 |
|
Authentication/SeeqDirectory/PasswordExpirationWarningPeriod The number of days before a user's password expires when the system starts alerting the user that their password is approaching its expiration date. |
7 |
|
Authentication/SeeqDirectory/PasswordExpirationGracePeriod The number of days a user can continue to log in with an expired password before the system forces a mandatory update. |
0 |