...

  1. On the navbar, expand Password Management and click Password & Login Policies.

  2. Click the Add New Policy button.

  3. In the General tab of the Policy Details form that appears, enter a name and description for the policy in the Name, Display Name, and Description fields. 

  4. Set any of the optional settings explained below and click Save when finished.

...

| Setting | Description |
| --- | --- |
| Min Digits | Specifies the minimum number of digits required within passwords |
| Min Special Characters | Specifies the minimum number of special characters required within passwords |
| Maximum Pairs of Repeating Characters | Specifies the maximum number of repeating characters allowed within passwords |
| Restrict First X Characters Of Login | Specifies the number of characters from the beginning of the user name that are not allowed within passwords (e.g. 3 forbids the use of the first three letters of the user name within passwords) |
| Password Requires Mixed Case | Enforces the use of upper and lower case letters within passwords |
| Require Leading Letter | Enforces the use of a letter as the first character within passwords |
| Require Mainframe Compatibility | Enforces mainframe password format requirements (max 8 characters, no special characters) |
| Regular Expression Validator | Uses a regular expression to constrain and validate the use of characters within passwords (the RegEx is applied in addition to any other settings specified) |
| Password Prevent Username Words | Forbids the use of the user name in any part of passwords |
| Password Prevent Dictionary Words | Forbids the use of words contained in the selected dictionary within passwords |
| Dictionary Word Set | Allows you to select the dictionary of words that are forbidden within passwords* |

Note

EmpowerID includes two Dictionary Word Sets, each with its own collection of blocked words. You can customize these by adding new words to them or create your own as needed. For information on how to create and configure a Dictionary Word Set, see Configure Dictionary Words for Password Policies.
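
To see how the complexity settings above combine, the following added example (not EmpowerID code) evaluates a candidate password against a constructed policy. The dictionary keys, the case-insensitive login-prefix match and the reading of a "pair" as two identical adjacent characters are assumptions made for the illustration.

```python
import re
import string

# Constructed sample policy; keys are hypothetical names for the settings above.
POLICY = {
    "min_digits": 1,
    "min_special": 1,
    "max_repeating_pairs": 1,
    "restrict_first_x_of_login": 3,
    "require_mixed_case": True,
    "require_leading_letter": True,
    "mainframe_compat": False,
    "regex": r"\S{10,}",  # applied in addition to the other settings
}

def violations(password, login, policy=POLICY):
    """Return the names of the settings a candidate password fails."""
    digits = sum(c.isdigit() for c in password)
    special = sum(c in string.punctuation for c in password)
    # Assumption: a "pair" is two identical adjacent characters ("aaa" counts 2).
    pairs = sum(a == b for a, b in zip(password, password[1:]))
    # Assumption: the login prefix is matched case-insensitively.
    prefix = login[: policy["restrict_first_x_of_login"]].lower()
    checks = [
        ("Min Digits", digits >= policy["min_digits"]),
        ("Min Special Characters", special >= policy["min_special"]),
        ("Maximum Pairs of Repeating Characters",
         pairs <= policy["max_repeating_pairs"]),
        ("Restrict First X Characters Of Login",
         not prefix or prefix not in password.lower()),
        ("Password Requires Mixed Case",
         not policy["require_mixed_case"]
         or (any(c.islower() for c in password)
             and any(c.isupper() for c in password))),
        ("Require Leading Letter",
         not policy["require_leading_letter"] or password[:1].isalpha()),
        # Page: mainframe format is max 8 characters, no special characters.
        ("Require Mainframe Compatibility",
         not policy["mainframe_compat"]
         or (len(password) <= 8 and special == 0)),
        ("Regular Expression Validator",
         not policy["regex"]
         or re.fullmatch(policy["regex"], password) is not None),
    ]
    return [name for name, ok in checks if not ok]

if __name__ == "__main__":
    print(violations("Tr1cky-Horse9", "jsmith"))
    print(violations("jsm2024!!aa", "jsmith"))
```

Under these assumed semantics, turning on Require Mainframe Compatibility while Min Special Characters is above zero leaves no password that satisfies both, so the two settings need to be reviewed together.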

General Settings - Password Change Policy Settings

...

| Setting | Description |
| --- | --- |
| Password Prevent Change | Prevents users from changing their passwords |
| Password Allow Reuse After X Days | Specifies the number of days that must pass before users can reuse passwords from their password history |
| Password Allow Reuse After X Changes | Specifies the number of password changes that must occur before users can reuse passwords from their password history |
| Password Require Change Every X Days | Specifies the number of days after which users are required to change their password |
| Min Age to Allow Change (X Days) | Specifies the number of days users must wait before they are allowed to change their password |
| Notify X Days Before Expires | Specifies the number of days prior to password expiration to send email notifications to users (users must have an email account registered in EmpowerID) |
| ReNotify Every X Days | Specifies the number of days after which to send email reminders to users (reminders end when the user changes the password or the expiration date passes) |
| Password Expiration Notification | Specifies whether to enable this workflow to allow EmpowerID to send these email alerts (see steps to enable it in the drop-down section below) |

...

| Setting | Description |
| --- | --- |
| Min Login LoA if Local | Sets the minimum number of MFA points* required for users within your local network |
| Min Login LoA if Remote | Sets the minimum number of MFA points* required for users outside of your local network |
| Min Passwordless Login LoA if Local | Sets the minimum number of MFA points required for users using passwordless login from within your network |
| Min Passwordless Login LoA if Remote | Sets the minimum number of MFA points required for users using passwordless login from outside your network |
| Default Home Page | Sets the relative path to the page of the EmpowerID Web application that users see after they log in (that portion of the page's URL that begins with the # symbol), e.g. https://<EmpowerIDServer>/UI/#N/ITShop/SelfService |
| Attempts Before Lockout | Specifies the number of times a user can log in incorrectly before being locked out (within the specified period of time set in the Login Lockout Failure Window field) |
| Login Lockout Failure Window | Specifies the number of minutes during which a user's failed attempts to log in may result in a lockout (the number of failed attempts as specified in the Attempts Before Lockout field) |
| Login Lockout Duration (Minutes) | Specifies the number of minutes during which a locked-out user cannot log in (if the Attempts Before Lockout number is exceeded within the Login Lockout Failure Window) |
| Allow Remembered Registered Device | Specifies whether to remember the devices that users register when using that MFA method |
| Allow Remember Registered Device X Days | Sets the number of days to remember registered devices when Allow Remembered Registered Device X Days is selected |
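
The three lockout settings above only make sense together, so the following added example (not EmpowerID code) replays constructed login events through a sliding failure window. It assumes that the Nth failure inside the window triggers the lockout and that a successful login resets the count; the class and function names are hypothetical.

```python
from collections import deque

class LockoutTracker:
    """Failed-login tracking for one account; all times are in minutes."""

    def __init__(self, attempts_before_lockout, failure_window, lockout_duration):
        self.attempts = attempts_before_lockout
        self.window = failure_window
        self.duration = lockout_duration
        self.failures = deque()
        self.locked_until = None

    def attempt(self, minute, success):
        """Record one login attempt and return 'ok', 'failed' or 'locked'."""
        if self.locked_until is not None and minute < self.locked_until:
            return "locked"  # a correct password is refused as well
        self.locked_until = None
        if success:
            self.failures.clear()  # assumption: success resets the count
            return "ok"
        self.failures.append(minute)
        # Forget failures that have aged out of the failure window.
        while self.failures and minute - self.failures[0] >= self.window:
            self.failures.popleft()
        if len(self.failures) >= self.attempts:  # assumption: Nth failure locks
            self.locked_until = minute + self.duration
            self.failures.clear()
            return "locked"
        return "failed"

def replay(events, attempts=3, window=10, duration=30):
    """Run constructed (minute, success) events through a fresh tracker."""
    tracker = LockoutTracker(attempts, window, duration)
    return [tracker.attempt(minute, success) for minute, success in events]

# Constructed sample data: a burst of failures, then slow evenly spaced ones.
BURST = [(0, False), (2, False), (4, False), (5, True), (33, True), (34, True)]
SPACED = [(0, False), (6, False), (12, False), (18, False)]

if __name__ == "__main__":
    print(replay(BURST))
    print(replay(SPACED))
```

The spaced sequence never reaches the threshold inside any single window, which is why failed-login monitoring over longer periods is still needed alongside the lockout settings.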

...

| Setting | Description |
| --- | --- |
| Login Handler Assembly | Specifies the custom assembly containing your login handler |
| Login Handler Type | Specifies the type of the login handler |

Self-Service Password Reset Settings - Password Reset Recovery Settings

Password Manager offers a flexible workflow-based process that allows users to reset forgotten passwords and unlock their locked accounts once they have enrolled in the Password Recovery Center and supplied answers to a select number of self-identifying questions as dictated by your Password Manager policy. Depending on how you set up your Password Manager policies, you can force new users to enroll for password self-service at their initial login or allow them to make that decision themselves.

| Settings | Description |
| --- | --- |
| Enable Multifactor Reset During Recovery | Specifies whether users must go through MFA when resetting forgotten passwords. If enabled, you need to set the minimum number of LoA (level of assurance) points local and remote users must accumulate in order to reset their passwords. |
| Enable Question Answer Reset During Recovery | Specifies whether users must answer their personal challenge questions when resetting forgotten passwords. If enabled, you need to configure Password Reset Enrollment Settings. |
| Force Enrollment During Login | Specifies whether users must enroll for password self-service reset during their first login |

...

  1. On the View page for the Password Manager Policy, expand the User Agreements accordion.

  2. Click the Add New button and enter the following information:

    • Name – The name of the user agreement to store in the database.

    • Display Name – The friendly name of the user agreement to display in the grid.

    • Usage Agreement Text (HTML) – Text of the Usage Agreement. The text needs to be entered in HTML format.

    • Description – Description of the Usage Agreement.

    • Priority (Lower is Higher) – Sets the priority of the Usage Agreement if the policy has more than one. The agreement with the highest priority is shown first, and then the one with the next highest priority, and so on.

    • Version – Version number.

  3. Click Save when finished.

...