Password policies are part of the wider security environment but since they control from where and when a user can access the system.
How to create Password Policies
From the Permissions menu (Admin > Permissions > Password Policies) you can see a list of any existing password policies in your system. To edit a existing password Police just click on its name. You can create a new Policy by clicking the +Add Policy link towards the top right of the screen.
The settings for a Password Policy
When you edit or create a new policy you are given the option to name and give a description of the policy.
You can specify password strength by requiring a minimum length of characters for the password, and if it is required to have mixed cases, numbers and or special characters.
You can also set if the password will expire and require to be reset. If you do you can set how often it will need to be reset and if there will be a restriction on a user using the same password as a previous password. You do this by entering a number in the Repeat Password Limit filed. The number here will be how many times a user has to enter a new password before they can repeat a previous password they have used.
You can also restrict the times of day the users can access the system and optionally restrict access to a specified range of IP addresses.
Applying a Password Policy to a user
Password Policies are applied against system roles in Actionstep. If you go to your System Roles screen (Admin > Permissions > System Roles) and click on the name of any of the listed system roles to edit them, you will see a field where you can select any Password Policy you have created in your system.
Any login that you link to that system role thereafter will have the restrictions you set in the password policy applied to their login.
| Note |
|---|
| Info |
See updated article in Actionstep Help Center: https://support.actionstep.com/hc/en-us/articles/360050372614-Password-Policies |