-
Notifications
You must be signed in to change notification settings - Fork 314
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #4719 from PasinduYeshan/feature/rule-based-passwo…
…rd-expiry Add docs for rule-based password expiration feature
- Loading branch information
Showing
14 changed files
with
121 additions
and
89 deletions.
There are no files selected for viewing
Binary file removed
BIN
-72.4 KB
...nization/account-security/password-validation/configure-password-validation.png
Binary file not shown.
Binary file added
BIN
+158 KB
...uides/organization/account-security/password-validation/password-expiration.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+56.3 KB
...es/organization/account-security/password-validation/password-history-count.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+116 KB
...organization/account-security/password-validation/password-input-validation.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+158 KB
...rver/next/docs/assets/img/guides/account-configurations/password-expiration.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+56.3 KB
...r/next/docs/assets/img/guides/account-configurations/password-history-count.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+116 KB
...ext/docs/assets/img/guides/account-configurations/password-input-validation.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file removed
BIN
-73.6 KB
...rver/next/docs/assets/img/guides/account-configurations/password-validation.png
Binary file not shown.
Binary file removed
BIN
-638 KB
...nization/account-security/password-validation/configure-password-validation.png
Binary file not shown.
Binary file added
BIN
+158 KB
...uides/organization/account-security/password-validation/password-expiration.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+56.3 KB
...es/organization/account-security/password-validation/password-history-count.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+116 KB
...organization/account-security/password-validation/password-input-validation.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
36 changes: 1 addition & 35 deletions
36
...r/next/docs/guides/account-configurations/login-security/password-validation.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,35 +1 @@ | ||
| # Password validation | ||
|
|
||
| Customize password validation rules to enhance the security of user accounts in {{product_name}}. | ||
|
|
||
| ## Configuration instructions | ||
|
|
||
| To configure password validation rules, follow the steps below: | ||
|
|
||
| 1. On the {{product_name}} Console, go to **Login & Registration** > **Login Security** > **Password Validation**. | ||
| 2. Adjust the settings according to your security requirements. | ||
| 3. Click **Update** to save the changes. | ||
|
|
||
| {: width="800" style="display: block; margin: 0;"} | ||
|
|
||
| ## Parameters | ||
|
|
||
| <table> | ||
| <tr> | ||
| <th>Parameter</th> | ||
| <th>Description</th> | ||
| </tr> | ||
| <tr> | ||
| <td><code>Password Expiration</code></td> | ||
| <td>Defines the number of days after which a password must be changed.</td> | ||
| </tr> | ||
| <tr> | ||
| <td><code>Password History Count</code></td> | ||
| <td>Specifies the number of unique new passwords a user must use before an old password can be reused.</td> | ||
| </tr> | ||
| <tr> | ||
| <td><code>Password Input Validation</code></td> | ||
| <td>Sets requirements for password complexity, including length and character types.</td> | ||
| </tr> | ||
| </table> | ||
|
|
||
| {% include "../../../../../../includes/guides/user-accounts/account-security/password-validation.md" %} |
174 changes: 120 additions & 54 deletions
174
en/includes/guides/user-accounts/account-security/password-validation.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,54 +1,120 @@ | ||
| # Configure password validation | ||
|
|
||
| User accounts in {{ product_name }} can be secured from password attacks by defining password validation rules. | ||
|
|
||
| When a user configures a password that does not abide by the validation rules, they will be requested to re-enter a password. | ||
|
|
||
| To configure password validation: | ||
|
|
||
| 1. On the {{ product_name }} Console, go to **Login & Registration**. | ||
| 2. Under **Login Security**, click on **Password Validation**. | ||
|
|
||
| {: width="500" style="display: block; margin: 0; border: 0.3px solid lightgrey;"} | ||
|
|
||
| 3. Enter values to update the following parameters according to the requirements of your password policies. | ||
|
|
||
| <table> | ||
| <tr> | ||
| <th>Parameter</th> | ||
| <th>Description</th> | ||
| </tr> | ||
| <tr> | ||
| <td>Password Expiration</td> | ||
| <td>The number of days after which the password expires. If a user attempts to log in using an expired password, the user will be redirected to reset the password.</td> | ||
| </tr> | ||
| <tr> | ||
| <td>Password History Count</td> | ||
| <td><code>[Optional]</code> This field identifies the number of new unique passwords that must be set before an old password can be reused again. <br> <b> Example: </b> If you assign <code>3</code> as the password history count, the user cannot use the last three passwords they have used.</td> | ||
| </tr> | ||
| <tr> | ||
| <td>Number of characters</td> | ||
| <td>You can add the minimum and maximum length of the password users should use.</td> | ||
| </tr> | ||
| <tr> | ||
| <td>Mandatory characters</td> | ||
| <td>By default, a user password should contain at least one of the following characters. | ||
| <ul> | ||
| <li>Numbers</li> | ||
| <li>Upper-case characters: </li> | ||
| <li>Lower-case characters</li> | ||
| <li>Special characters</li> | ||
| </ul> | ||
| </td> | ||
| </tr> | ||
| <tr> | ||
| <td>Number of unique characters</td> | ||
| <td><code>[Optional]</code> This field identifies the number of unique (non-repeated) characters the password should contain.</td> | ||
| </tr> | ||
| <tr> | ||
| <td>Number of repeated characters</td> | ||
| <td><code>[Optional]</code>This field identifies the number of characters that can be repeated consecutively in a user password. <br> <b> Example: </b> If you assign <code>1</code> as the number of repeated characters, the password cannot contain any repeated characters consecutively. <br> The password <code>aa1@Znlq</code> is incorrect as it has the character <code>a</code> appearing consecutively.</td> | ||
| </tr> | ||
| </table> | ||
|
|
||
| 4. Click **Update** to save your password validation rules. | ||
| # Password validation | ||
|
|
||
| This guide explains how you can manage user passwords securely using multiple validation techniques, such as enforcing password expiration and imposing password complexity requirements. | ||
|
|
||
| ## Configure password validation | ||
|
|
||
| You may find the configuration options by following the steps below. | ||
|
|
||
| 1. On the {{product_name}} Console, navigate to **Login & Registration**. | ||
|
|
||
| 2. Under **Login Security**, select **Password Validation**. | ||
|
|
||
| 3. On the **Password Validation** page, you may configure the following three options: | ||
|
|
||
| - [Rule-based password expiration](#rule-based-password-expiration): Define rules to control password expiration based on the user's groups and roles. | ||
| - [Password history count](#password-history-count): Specify how often users can reuse old passwords. | ||
| - [Password input validation](#password-input-validation): Set requirements for password complexity by defining its length constraints and required character types. | ||
|
|
||
| 3. Click **Update** to save the changes. | ||
|
|
||
| ### Rule-Based password expiration | ||
|
|
||
| Rule-based password expiration allows administrators to set custom password expiration rules based on the user's groups and roles. The higher a rule appears on the list, the greater its priority. Rules are evaluated based on their priorities and the first rule that matches the user's condition will take effect. | ||
|
|
||
| To configure rule-based password expiration, | ||
|
|
||
| 1. Turn the **Password Expiration** toggle on to enable password expiration. | ||
|
|
||
| 2. Set a default password expiry rule that applies to any user that does not meet the custom criteria. | ||
|
|
||
| 3. Click **Add Rule** and start defining custom rules. Each subsequent rule you add will be added to the top of the list. You may use the arrows on the left to change their priorities. | ||
|
|
||
| {: width="800" style="display: block; margin: 0; border: 0.3px solid lightgrey;"} | ||
|
|
||
| Refer to the following table for more information on rule parameters. | ||
|
|
||
| <table> | ||
| <tr> | ||
| <th>Parameter</th> | ||
| <th>Description</th> | ||
| </tr> | ||
| <tr> | ||
| <td>Attribute</td> | ||
| <td>User attribute against which you are enforcing password expiry. Select either <code>Groups</code> or <code>Roles</code>.</td> | ||
| </tr> | ||
| <tr> | ||
| <td>Values</td> | ||
| <td>Select the specific group/role. You may also select multiple values thus making the rule act as an AND operator, and is enforced only on users belonging to all selected groups/roles. </td> | ||
| </tr> | ||
| <tr> | ||
| <td>Operator</td> | ||
| <td> | ||
| <ul> | ||
| <li><b>Apply:</b> Password expiry will be enforced for users who meet the rule criteria.</li> | ||
| <li><b>Skip:</b> Password expiry will not be enforced for users who meet the rule criteria.</li> | ||
| </ul> | ||
| </td> | ||
| </tr> | ||
| <tr> | ||
| <td>Expiration (days)</td> | ||
| <td>Passwords of users meeting the criteria expire after this number of days.</td> | ||
| </tr> | ||
| </table> | ||
|
|
||
| ### Password history count | ||
|
|
||
| The **Password History Count** feature allows you to specify the number of unique new passwords a user must use before an old password can be reused. This enhances account security by preventing the reuse of old passwords. | ||
|
|
||
| {: width="800" style="display: block; margin: 0; border: 0.3px solid lightgrey;"} | ||
|
|
||
| To enable this, select the corresponding checkbox and configure the following option. | ||
|
|
||
| <table> | ||
| <tr> | ||
| <th>Parameter</th> | ||
| <th>Description</th> | ||
| </tr> | ||
| <tr> | ||
| <td>Password History Count</td> | ||
| <td><code>[Optional]</code> The number of unique passwords that must be set before reusing an old password. <br> <b> Example: </b> If set to <code>3</code>, the user cannot reuse the last three passwords they have set.</td> | ||
| </tr> | ||
| </table> | ||
|
|
||
| ### Password input validation | ||
|
|
||
| The **Password Input Validation** feature enables you to set password complexity requirements which include minimum password length and required character types. | ||
|
|
||
| {: width="800" style="display: block; margin: 0; border: 0.3px solid lightgrey;"} | ||
|
|
||
| Configure the following parameters to enforce input validation. | ||
|
|
||
| <table> | ||
| <tr> | ||
| <th>Parameter</th> | ||
| <th>Description</th> | ||
| </tr> | ||
| <tr> | ||
| <td>Number of characters</td> | ||
| <td>You can add the minimum and maximum length of the password users should use.</td> | ||
| </tr> | ||
| <tr> | ||
| <td>Mandatory characters</td> | ||
| <td>By default, a user password should contain at least one of the following characters. | ||
| <ul> | ||
| <li>Numbers</li> | ||
| <li>Upper-case characters </li> | ||
| <li>Lower-case characters</li> | ||
| <li>Special characters</li> | ||
| </ul> | ||
| </td> | ||
| </tr> | ||
| <tr> | ||
| <td>Number of unique characters</td> | ||
| <td><code>[Optional]</code> This field identifies the number of unique (non-repeated) characters the password should contain.</td> | ||
| </tr> | ||
| <tr> | ||
| <td>Number of repeated characters</td> | ||
| <td><code>[Optional]</code>This field identifies the number of characters that can be repeated consecutively in a user password. <br> <b> Example: </b> If you assign <code>1</code> as the number of repeated characters, the password cannot contain any repeated characters consecutively. <br> The password <code>aa1@Znlq</code> is incorrect as it has the character <code>a</code> appearing consecutively.</td> | ||
| </tr> | ||
| </table> |