Password Policies
A password policy defines a set of minimum requirements that a user password must meet in order to be valid (e.g., a password must be at least N characters long). FlowForce Servers uses password policies to enable administrators to enforce the complexity of user passwords.
The password complexity rules that you can define within a password policy are as follows:
•The total minimum length of the password (that is, the password must be at least N characters long to be valid)
•The minimum number of letters that the password must contain
•The minimum number of digits that the password must contain
You can define as many password policies as required (provided that you have the Maintain users, roles and privilege privilege). Once you define password policies, you can assign them to FlowForce users. A user account can have one password policy at a time.
When the user requests a password change, the system checks if the new password meets the complexity requirements defined in the user's password policy. If the password does not meet the complexity requirements defined in the password policy, the password change is denied, and the system displays a relevant message.
When an administrator changes the password of a user, FlowForce Server does not enforce the password policy. Also, if the password policy changes, any existing passwords remain unaffected. In the latter case, the password policy will be enforced when users attempt to change the existing password.
By default, FlowForce Server includes an empty password policy which does not enforce any password complexity rules. FlowForce Server implicitly assigns the default password policy to any user account that does not have a custom password policy. The default password policy cannot be changed.
Create and assign password policies
To create a new password policy:
1.Click Administration, and then click Password Policies.
2.Click Create Policy.
3.Enter the required password policy rules, and then click Save. The list of current users becomes available under the defined policy.
4.Click to select the user records that must be assigned the new policy, and then click Assign.
