Skip to main content
Skip table of contents

Managing Password Policies

Overview

The Authentication screen allows for the configuration of password policies that will apply to all users. Click Authentication within the navigation tree on the left to display the screen.

The manage-password-policy role is required in order to see the Authentication menu item and manage the default password policies. Eleveo.admin has this role assigned by default, as a part of the user-management-admin composite role.

Default Password Policies

Eleveo default settings require that new passwords must meet the following complexity requirements:

  • at least 8 characters

  • with at least one character a number (0-9)

  • at least one character a lowercase letter (a-z) 

  • at least one character an upper case letter (A-Z)

Additionally, a password expires after 365 days and its change is requested after this time. A new password cannot be the same as the last one.

Adding and Modifying Password Policies

To add a new policy, expand the Add policy drop down menu:

Select the policy type that you would like to add:

  • Hashing Iterations – number of hashing iterations

  • Special Characters – number of special characters that a password should contain

  • Password Blacklist – expressions that cannot be used as a password

  • Regular Expression – regular expression that passwords should match

  • Not Username – define that a username cannot be used as a password

  • Hashing Algorithm – hashing algorithm used

Each policy type has a default policy value that can be modified. In the end, click Save to apply the changes.

Deleting Password Policies

To delete a policy, click the Delete button on the right.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.