Skip to main content

1. Overview

To meet enterprise compliance requirements for admin passwords, the Admin Console supports a flexible, configurable password policy that covers password complexity, expiration, and expiration reminders, balancing security, maintainability, and user experience. Administrators can configure the following in the UI:
  • Password complexity (length, character classes, consecutive character restrictions)
  • Password expiration and expiration reminders
The system provides a default policy and enforces non-reducible boundaries on certain items to ensure compliance and security.

2. Configuration

2.1 Navigation

Admin Console > Settings > Password Policy

2.2 Password Complexity Policy

ItemDefault
Minimum password lengthCannot be set below 8
Must include uppercasetrue
Must include lowercasetrue
Must include numberstrue
Must include special charsfalse
Disallow repeated charsfalse
Disallow ascending charsfalse
Notes:
  • After the configuration is updated, the complexity rules take effect immediately.
    • Administrators who are currently signed out can still sign in with their existing password/SSO:
      • If the current password does not meet the new rules, they must change it after signing in.
      • If the current password meets the new rules, they are not affected.
      • Administrators who are already signed in are not affected until their next sign-in.
      • On their first SSO sign-in after the policy update, administrators will be required to update their local password to complete the compliance check.

2.3 Password Expiration and Reminders

ItemDefaultNotes
Enable expirationfalseTakes effect immediately when enabled
Expiration period (days)90Minimum 1 day, maximum 3650 days
  • After a successful password change, you must sign in again.

2.4 Force Password Change on First Sign-in for New Users

  • New users created in the Admin Console or users whose password has been reset will be required to change their password upon first sign-in until the new password satisfies the current password complexity policy.

4. Notes

  • The minimum password length cannot be less than 8; the maximum length is fixed at 64.
  • The allowed special character set is fixed: !@#$%^&*()-_+=[]{}|;:,.?/.
  • Weak-password dictionary blocking is enabled by default and cannot be turned off.
  • Policy changes do not immediately affect administrators who are already signed in; they take effect on next sign-in.
  • Administrators who use SSO only may be required to set/update a local password after a policy update to complete compliance checks.
  • The current version does not provide role/permission-specific password policies; the policy is uniform for all system users.

5. FAQ

Q1: Why can’t the minimum password length be set below 8? To meet compliance and security requirements, the system enforces a minimum of 8. Q2: Is preventing reuse of recent passwords (e.g., last 5) supported? This capability is not available in the current version. Future Enterprise Edition releases will evaluate differentiated and more advanced compliance modules. Q3: Are administrators who only use SSO affected by the password policy? Yes. After the policy is updated, on their first SSO sign-in, they will be required to update their local password to complete the compliance check.