1. Overview
To meet enterprise compliance requirements for admin passwords, the Admin Console supports a flexible, configurable password policy that covers password complexity, expiration, and expiration reminders, balancing security, maintainability, and user experience. Administrators can configure the following in the UI:- Password complexity (length, character classes, consecutive character restrictions)
- Password expiration and expiration reminders
2. Configuration
2.1 Navigation
Admin Console > Settings > Password Policy
2.2 Password Complexity Policy
| Item | Default |
|---|---|
| Minimum password length | Cannot be set below 8 |
| Must include uppercase | true |
| Must include lowercase | true |
| Must include numbers | true |
| Must include special chars | false |
| Disallow repeated chars | false |
| Disallow ascending chars | false |
- After the configuration is updated, the complexity rules take effect immediately.
- Administrators who are currently signed out can still sign in with their existing password/SSO:
- If the current password does not meet the new rules, they must change it after signing in.
- If the current password meets the new rules, they are not affected.
- Administrators who are already signed in are not affected until their next sign-in.
- On their first SSO sign-in after the policy update, administrators will be required to update their local password to complete the compliance check.
- Administrators who are currently signed out can still sign in with their existing password/SSO:
2.3 Password Expiration and Reminders
| Item | Default | Notes |
|---|---|---|
| Enable expiration | false | Takes effect immediately when enabled |
| Expiration period (days) | 90 | Minimum 1 day, maximum 3650 days |
- After a successful password change, you must sign in again.
2.4 Force Password Change on First Sign-in for New Users
- New users created in the Admin Console or users whose password has been reset will be required to change their password upon first sign-in until the new password satisfies the current password complexity policy.
4. Notes
- The minimum password length cannot be less than 8; the maximum length is fixed at 64.
- The allowed special character set is fixed:
!@#$%^&*()-_+=[]{}|;:,.?/. - Weak-password dictionary blocking is enabled by default and cannot be turned off.
- Policy changes do not immediately affect administrators who are already signed in; they take effect on next sign-in.
- Administrators who use SSO only may be required to set/update a local password after a policy update to complete compliance checks.
- The current version does not provide role/permission-specific password policies; the policy is uniform for all system users.