Skip to main content

Password policies

Definition

For each password domain, Soffid allows you to create different password policies depending on the user type. 

There are two kind of password policies.

  • The first ones is for user selected passwords. ThisThat is the default behavior.
  • The second one are system generated passwords. These policies are useful for shared accounts when using Enterprise Single Sign-on.

A password policy will also define how often the password needs to be changed and how many days are allowed to change it.

Regarding password complexity, you can specify the minimum and the maximum number of lowercase letters, uppercase letters, numbers, and symbols, as well as password length.

The administrator users can define a regular expression that must match each password. This can be used, for example, to ensure that the first password is not numeric.

More and more, administrators can create a list o forbidden words that cannot be used as passwords.

Password domain

Is a logical way of grouping managed systems that are sharing the same password for each user. If administrator chooses to have the same password for every system, only one password domain should exist. If administrator chooses to assign different password for each system, then a password domain should be created for each managed system.

Screen overview

&&TODO&&

  1. User Type

Standard attributes

Domain

  • Code:  password domain identifier code.
  • Description: a brief description of the password domain.

Password policies

  • Password domain: to this password domain belongs the password policy.
  • User type: specific user type for which the password policy is created.
  • Description: a brief description of the password policy.
  • Password type: king of policies password:
    • Entered by the user: thqt is the default behavior.
    • Automatically generated: these policies are useful for shared accounts when using Enterprise Single Sign-on.
  • Change allowed: if it is checked, the user could change the password. &&TODO&& ¿Es así?
  • Query allowed:  &&TODO&&¿Como funciona?
  • Valid period (days): the change of the password will be asked in that number of days.
  • Grace period (days):   &&TODO&& ¿Es así?
  • Length (min & max): added number of days to change the password.
  • Regular expression: the password must comply with a that regular expression.
  • Uppercase letters (min & max):  min and max number of uppercase letters that be included on the password.
  • Lowercase letters (min & max): min and max number of lowercase letters that be included on the password.
  • Numbers (min & max): min and max number of numbers that be included on the password.
  • Symbols (min & max): min and max number of symbols that be included on the password.
  • Complexity: &&TODO&& ¿¿??
  • Passwords remembered: number of password the system will remember.
  • Forbidden words: list of forbidden word that may no be used to create a password.

Actions

Password policies query actions

Add new domainAllows to create a new password domain
Add new password policyAllows to create a new password policy on a specific password domain.

Password domain detail actions

Apply changesAllows you to update the password domain changes.
DeleteAllows you to delete a password domain.
UndoAllows you to quit without applying any changes.

Password policies detail actions

Apply changesAllows you to update the password policy changes.
DeleteAllows you to delete a password policy.
UndoAllows you to quit without applying any changes.