EmpowerID provides password management services enabling help desk password reset, end-user self-service password change and reset, and multi-directory password synchronization for external systems. These policies control the login and password self-service reset options a person receives when using EmpowerID. When EmpowerID is installed, all users discovered are assigned to the Default Password Manager Policy. You can modify this policy to meet your organization's needs or create new policies and assign those to users as desired.
...
To set up password policies
On the navbar, expand Password Management and click Password & Login Policies.
Click the Add New Policy button.
...
In the General tab of the Policy Details form that appears, enter a name and description for the policy in the Name, Display Name and Description fields.
Set any of the optional settings explained below and click Save when finished.
General Settings - Password Complexity Settings

In the Password Complexity section, you can use the default Windows complexity or customize the complexity to a level that is right for your organization. To customize it, enter the minimum number of characters for passwords in the Min Length field and the maximum number of characters in the Max Length field, and optionally use any of the custom settings in the table below.

Setting | Description |
---|---|
Min Digits | Specifies the minimum number of digits required within passwords |
Min Special Characters | Specifies the minimum number of special characters required within passwords |
Maximum Pairs of Repeating Characters | Specifies the maximum number of repeating characters allowed within passwords |
Restrict First X Characters Of Login | Specifies the number of characters from the beginning of the user name that are not allowed within passwords (e.g. 3 forbids the use of the first three letters of the user name within passwords) |
Password Requires Mixed Case | Enforces the use of upper and lower case letters within passwords |
Require Leading Letter | Enforces the use of a letter as the first character within passwords |
Require Mainframe Compatibility | Enforces mainframe password format requirements (max 8 characters, no special characters) |
Regular Expression Validator | Uses a regular expression to restrict and validate the use of characters within passwords (the RegEx is applied in addition to any other settings specified) |
Password Prevent Username Words | Forbids the use of the user name in any part of passwords |
Password Prevent Dictionary Words | Forbids the use of words contained in the selected dictionary within passwords |
Dictionary Word Set | Allows you to select the dictionary of words that are forbidden within passwords* |
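The sketch below is an added example, not EmpowerID code: it models a subset of the complexity settings above so that candidate passwords can be checked against a planned policy before it is assigned to users. The class and function names, the default lengths, and the exact definitions of "special character" and "repeating pair" are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class ComplexityPolicy:
    """Constructed model of a subset of the settings table; not EmpowerID code."""
    min_length: int = 8
    max_length: int = 64
    min_digits: int = 0
    min_special: int = 0
    max_repeating_pairs: Optional[int] = None  # None = not enforced (assumption)
    restrict_first_x_of_login: int = 0
    require_mixed_case: bool = False
    require_leading_letter: bool = False
    regex_validator: str = ""                  # applied in addition to the rest
    dictionary: frozenset = frozenset()        # empty = dictionary check off

def violations(policy: ComplexityPolicy, login: str, password: str) -> list:
    """Return the names of every rule the candidate password breaks."""
    found, lowered = [], password.lower()
    if not policy.min_length <= len(password) <= policy.max_length:
        found.append("length")
    if sum(c.isdigit() for c in password) < policy.min_digits:
        found.append("min_digits")
    # Assumption: a special character is anything that is not a letter or digit.
    if sum(not c.isalnum() for c in password) < policy.min_special:
        found.append("min_special")
    # Assumption: a pair is two identical adjacent characters ("aaa" = 2 pairs).
    pairs = sum(a == b for a, b in zip(password, password[1:]))
    if policy.max_repeating_pairs is not None and pairs > policy.max_repeating_pairs:
        found.append("repeating_pairs")
    # Case-insensitive match on the first X characters of the login name.
    prefix = login[:policy.restrict_first_x_of_login].lower()
    if prefix and prefix in lowered:
        found.append("login_prefix")
    has_both = any(c.islower() for c in password) and any(c.isupper() for c in password)
    if policy.require_mixed_case and not has_both:
        found.append("mixed_case")
    if policy.require_leading_letter and not password[:1].isalpha():
        found.append("leading_letter")
    # The regular expression must match the whole password, on top of other rules.
    if policy.regex_validator and not re.fullmatch(policy.regex_validator, password):
        found.append("regex")
    if any(word in lowered for word in policy.dictionary):
        found.append("dictionary_word")
    return found
```

Because the function reports every broken rule rather than stopping at the first, it also shows which settings overlap for a given password.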
...
Authentication Settings - Login Policy Settings

On the Authentication Settings tab, you can accept the default settings for your Login Policy or customize them with the settings in the table below.

Setting | Description |
---|---|
Min Login LoA if Local | Sets the minimum number of MFA points* required for users within your local network |
Min Login LoA if Remote | Sets the minimum number of MFA points* required for users outside of your local network |
Min Passwordless Login LoA if Local | Sets the minimum number of MFA points required for users using passwordless login from within your network |
Min Passwordless Login LoA if Remote | Sets the minimum number of MFA points required for users using passwordless login from outside your network |
Default Home Page | Sets the relative path to the page of the EmpowerID Web application that users see after they log in (the portion of the page's URL that begins with the # symbol), e.g. https://<EmpowerIDServer>/UI/#N/ITShop/SelfService |
Attempts Before Lockout | The number of times a user can log in incorrectly before being locked out (within the period of time set in the Login Lockout Failure Window field) |
Login Lockout Failure Window | The number of minutes during which a user's failed attempts to log in may result in a lockout (the number of failed attempts as specified in the Attempts Before Lockout field) |
Login Lockout Duration (Minutes) | The number of minutes during which a locked-out user cannot log in (if the Attempts Before Lockout number is exceeded within the Login Lockout Failure Window) |
Allow Remembered Registered Device | Specifies whether to remember the devices that users register when using that MFA method |
Allow Remember Registered Device X Days | Sets the number of days to remember registered devices when Allow Remembered Registered Device X Days is selected |

Info

*MFA points are multi-factor authentication points. Points start at 0 and can be incremented as needed. When the value is greater than 0, users must accumulate the required number of points before access is granted.

**If you leave the Default Home Page field blank, the home page defaults to the user's personal dashboard. You can also set the default home page directly on a person. Home pages set directly on a person take precedence over home page settings on Password Manager policies. For more information, see Setting Home Pages.
Authentication Settings - One-Time Password Lock-Out Policy Settings

You can customize your one-time password lock policy settings here.

Setting | Description |
---|---|
One Time Password Attempts Before Lockout | Specifies the number of times a user can log in incorrectly before being locked out (within the period of time set in the One Time Password Attempts Window field) |
One Time Password Attempts Window (Minutes) | Specifies the number of minutes during which a user's failed attempts to log in may result in a lockout (the number of failed attempts as set in the One Time Password Attempts Before Lockout field) |
One Time Password Lockout Duration (Minutes) | Specifies the number of minutes during which a locked-out user cannot log in (if the One Time Password Attempts Before Lockout number is exceeded within the One Time Password Attempts Window) |
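The login lockout fields and the one-time password lockout fields above follow the same three-part pattern: a threshold, a failure window, and a lockout duration. The sketch below is an added example, not EmpowerID code, that simulates how the three values interact for one account. The names, the sample events, the reset of the failure count on a successful login, and reading "exceeded" as strictly more failures than the configured number are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class LockoutPolicy:
    """Constructed model of the three lockout fields; not EmpowerID code."""
    attempts_before_lockout: int
    failure_window_min: int
    lockout_duration_min: int

def simulate(policy, events):
    """events: time-ordered (timestamp, credential_was_correct) for one account.
    Returns one outcome per event: ok, failed, locked, or rejected_locked."""
    window = timedelta(minutes=policy.failure_window_min)
    duration = timedelta(minutes=policy.lockout_duration_min)
    failures, locked_until, outcomes = [], None, []
    for ts, correct in events:
        if locked_until is not None and ts < locked_until:
            outcomes.append("rejected_locked")   # refused even if correct
            continue
        if correct:
            failures.clear()                     # assumption: success resets the count
            outcomes.append("ok")
            continue
        # Only failures inside the window still count toward the threshold.
        failures = [f for f in failures if ts - f < window] + [ts]
        # Page wording: lockout when the configured number is "exceeded".
        if len(failures) > policy.attempts_before_lockout:
            locked_until = ts + duration
            failures.clear()
            outcomes.append("locked")
        else:
            outcomes.append("failed")
    return outcomes

def at(minute):
    """Constructed timestamp helper: minutes after an arbitrary 09:00 start."""
    return datetime(2024, 1, 1, 9, 0) + timedelta(minutes=minute)

# Constructed sample: four quick failures, then correct logins during and after lockout.
BURST = [(at(0), False), (at(2), False), (at(4), False), (at(5), False),
         (at(10), True), (at(20), True)]
# Constructed sample: failures spaced so that no more than two share a window.
SPACED = [(at(0), False), (at(6), False), (at(12), False), (at(18), False)]

if __name__ == "__main__":
    policy = LockoutPolicy(3, 10, 15)
    print(simulate(policy, BURST))
    print(simulate(policy, SPACED))
```

Replaying recorded authentication failures through a model like this is one way to check whether a planned window and threshold would have triggered a lockout.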
...
User Agreements are set on the View page for Password Manager Policies. To navigate to a Password Manager Policy's View page, search for that policy on the Password & Login Policies page (accessible at https://<YourEmpowerIDServer>/ui/#Common/Find/PasswordManagerPolicy ) and click the Display Name link for it.
On the View page for the Password Manager Policy, expand the User Agreements accordion.
Click the Add New button and enter the following information:
- Name: The name of the user agreement to store in the database.
- Display Name: The friendly name of the user agreement to display in the grid.
- Usage Agreement Text (HTML): Text of the Usage Agreement. The text needs to be entered in HTML format.
- Description: Description of the Usage Agreement.
- Priority (Lower is Higher): Sets the priority of the Usage Agreement if the policy has more than one. The agreement with the highest priority is shown first, and then the one with the next highest priority and so on.
- Version: Version number.
Click Save when finished.
When a person to whom the policy applies logs in for the first time after the user agreement is in place, they must agree to the content of the user agreement before they can access the site.
...
Next Steps
Create Challenge Questions
...