Configuring the Cloudsuite Identities password policy
Use the Cloudsuite Identities Password Policy option to configure requirements for external users' passwords. These settings apply only to external users who are considered Infor OS Portal or Infor Ming.le identities (those users who are managed within the Infor OS Portal or Infor Ming.le).
Cloudsuite Identities password policies can also be configured at the external entity level. External entity-level password policies override tenant-level settings.
The Cloudsuite Identities Password Policy page has these options:
| Option | Description |
|---|---|
| Password expiration | You have the option to set the number of days before a password expires and require a new password. You can choose from 90 to 150 days. Enter 0 for the password never to expire. |
| Password length | You have the option to set the length of the password - a minimum of 8 characters and a maximum of 64 characters. |
| Account locked attempts | You can set how many attempts a user can sign in with an incorrect password before the account is locked. You can choose from 3 to 5 attempts. |
| Account locked time | You can set the length of time a locked account stays locked before being automatically enabled. You can choose from 15 to 30 minutes. When the set time expires, locked users are automatically enabled. |
| Disable inactive users | You can use this setting to disable a user if the user’s account is inactive for more than the specified days. You can choose from 30 to 120 days. A value of 0 means that the account will never be disabled due to inactivity. |
| Password history | You can use this setting to restrict users from re-creating a password that was used previously. The allowed range is from 3 to 24. For example, if the value is set to 3, the user cannot reset the password with any of the last three previously used passwords. |
| Prohibit password reset | You can use this setting to restrict a user from resetting a password until the time that is configured has elapsed. A value of 0 disables this setting. The allowed range is from 0 to 24 hours. For example, if the value is set to 3 hours, the user is unable to reset the password within a 3-hour time frame. |
| Enable password expiration emails | When enabled, users are sent an email 14, 7, and 3 days before their password expires. |
| Password cannot contain 3 or more consecutive characters (for example: abc, 123) | When enabled, users are not allowed to create passwords that contain consecutive characters: 0-9, 9-0, z-a, and a-z. |
| Password cannot contain 3 or more consecutive repeating characters (for example: aaa, 111) | When enabled, users are not allowed to create passwords that contain 3 or more consecutive repeating characters (such as aaa, bbb, ccc, 111). For example, the password PASSWORD11183748 would not be allowed when the feature is enabled. |
| Password cannot contain the following user attributes | When enabled, you can disallow users from including their first name, last name, username, and/or email address in their password. |
| Enforce custom forbidden password list | When enabled, you can create your own custom library of forbidden passwords. Users are disallowed from creating a password that contains any of the listed forbidden words. |
| Enable password vulnerability check | When enabled, the user cannot create a password that has been previously compromised in known data breaches. As an administrator, you cannot edit this list of vulnerable passwords. |
You do not have the ability to set these password requirements.
- One uppercase letter
- One lowercase letter
- One number
- One special character: ] [ ? / < ~ # ` ! @ $ % ^ & * ( ) + = { } | : " ; ' , >
Users are prevented from reusing their last three passwords.