Setting up a Password Policies

As an Wedia administrator, you can define the strength of the password your users will choose.

Defining a Password strength policy

Locate in the /admin configuration panel the Authentication Services entry :

Password expiration policy

This can be set up in the first tab of the Authenticated Services entry :

Defining password policies

Multiple password composition policies can be setup in this tab :

Each validation condition can be activated or deactivated. All activated conditions will run when a new user enter a password in any interface (recovered password, portal, back-office, registration…)

When creating a new validation condition, two options are offered :

 

Basic Password Contraints

Each policy can have the following rules :

  • Minimal length

  • Number of required digits

  • Number of required uppercase letters

  • Number of required lowercase letters

  • Number of required symbols

Reuse Password Constraints

This policy lets you set the password history checking, to avoid password reuse :

Setting up a “Change at first login” rule

This rule is set individually for each user :

If you need to have it created by default, change the default value set on a new “user” object :

Setting up a “Deactivate user after xx incorrect attempts” rule

This rule is set individually for each user :

If you need to have it created by default, change the default value set on a new “user” object :

The user who are deactivated will move to a “inactive” status that has to be reset by an administrator to reactivate them.