User Policies

By default, the password policies are inactive. To enable them click on the Modify link.

Figure 3.18: Users Management - Password Policies

At the new page you will be presented with these options:

• Use strong passwords: By default NO;
• Lock account after password failed: By default, NO;
• Password Validity: By default NO.

Figure 3.19: Users Management - User Policies - Modify

By selecting YES on the presented options you will access more settings.

Figure 3.20: Users Management - Password Policies

These are the presented options:

• Use strong passwords: By default, this option is set to NO. Select YES to configure your password's length and remember that:

  The password can not be equal to that which is in use.
  
    Can not contain the login or the name.
  
    Must contain elements of at least three of the following four groups
    of characters:
          Uppercase letters (A through Z)
          Lowercase letters (a through z)
          Numbers (0 through 9)
          Special characters (such as !,$,%,#)
  
  Again, this will affect all users!
  

  Figure 3.21: Error Warning

  
  • Minimum number of characters: Enter the password's minimum number of characters (by default 8);

• Lock account after password failed: By default, this option is set to NO. The user's account will be locked for a determined amount of time, after a set number of unsuccessful login attempts.
  • Number of attempts before locking the account: By default 5;
  • Time period where the account is locked: The time period should set in minutes. By default, 15m

• Password Validity: By default this option is set to NO this means that the password will never expire. Select YES to set the number of days:
  

  NOTE: If you select YES all users will have an expiration date on their passwords, but, a new option will appear, at Users List, when you click on an individual user Name.

  Figure 3.22: User Policies link

  

  This new link (User Policies) will enable you to deactivate the password validity for that particular user.

  Figure 3.23: Error Warning

  

  Click on Modify and then select NO at Password Validity

  Figure 3.24: Password Validity

  

  Click on Modify to confirm the changes.

  Figure 3.25: Password Validity - NO

  

  If you return to the Users List page you will now notice that this partiular user has no validity in his password.

  Figure 3.26: Users List - User with no validity in his password

  
  • Expires in: Number of days the password will be valid (by default, 30 days);
• Block account: If the password expires, the account will be blocked (by default, NO). If you select Yes you will have available an option to set the number of days where your user will be able to access his account until it's finally locked:
  • Lock account after the password expires: Set the number of days until (by default, 0 days)
• Send notification: By default, the user will not be notified of the end of his password's validity. Select YES to set how many days before expiration will the system notify him;
  • Send notification before password expires: Set how many days before expiration will the user receive a warning (by default, 1 day)
  • Notification: By default, the notification's subject and message is already set, but if you wish, you may modify it as you see fit.

To confirm the changes click on the Modify button at the bottom of the page.

The user will be able to alter his password at MyIPBrick. The login page will prompt him to alter his authentication credential.

Figure 3.27: MyIPBrick Login Prompt