How to configure Password Policy


Password Policies allow administrators to enforce password security requirements for users within miniOrange. Administrators can configure password complexity rules, password expiry settings, password similarity restrictions, password history checks, account lockout controls, and end-user password reset requirements to strengthen account security and comply with organizational password standards.

Configure Password Policy

Click on the Policies menu from the left navigation and select the Password Policy option.

Configure the required password policy settings under the Basic and Advanced tabs.

Basic Password Policy Settings

1. Password Complexity

Configure restrictions to prevent users from creating passwords containing personal or easily guessable information. This helps enhance password security and prevent unauthorized access.

  • Minimum Length in Characters: Define the minimum number of characters required for the password.
  • Maximum Length in Characters: Define the maximum number of characters allowed for the password.
  • Allowed Symbols: Specify the special characters that users are allowed to include in their passwords.
  • Password will Expire After (in days): Configure the number of days after which user passwords will expire and must be updated.
  • Require Lowercase Letter: Require users to include at least one lowercase character in the password.
  • Require Uppercase Letter: Require users to include at least one uppercase character in the password.
  • Require Number (0–9): Require users to include at least one numeric character in the password.
  • Require Symbol: Require users to include at least one special character in the password.

2. Password Similarity Rules

This feature controls how much of a user’s personal information can be reused in their password. This enhances security by preventing easily guessable passwords derived from user details.

The Customer/Superadmin can choose which personal attributes are restricted from being used in passwords. The selected attributes are validated against the password when it is created or changed.

The following attributes can be restricted:

  • Restrict use of email in password
  • Restrict use of username in password
  • Restrict use of first name in password
  • Restrict use of last name in password

Only the selected attributes are checked for password similarity.


3. Maximum Similar Characters Allowed

This setting defines the maximum number of consecutive characters from the selected personal details that are allowed in a password. By default, up to 2 consecutive characters from the selected personal details are allowed.

Validation is performed against all selected personal attributes.

Example (Username: alexa, Maximum Similar Characters Allowed: 4):

Password     Result        Reason
al@123       Allowed       Contains only 2 consecutive characters (al)
alexa@123    Not Allowed   Contains 5 consecutive characters (alexa)

Validation while changing password: Based on the selected options under Password Similarity Rules, an inline validation message is shown on the Change Password screen describing the exact password policy requirements.
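The complexity settings and the similarity rule described above can be pictured as one validation pass. The following is an added example, not miniOrange's implementation: the `Policy` fields, the case-insensitive comparison and the sample symbol set are assumptions made for illustration.

```python
import string
from dataclasses import dataclass

@dataclass
class Policy:
    """Hypothetical model of the settings above; field names are this example's own."""
    min_length: int = 8
    max_length: int = 64
    allowed_symbols: str = "@#$%!"       # constructed sample value
    require_lower: bool = True
    require_upper: bool = True
    require_number: bool = True
    require_symbol: bool = True
    restricted: tuple = ("email", "username", "first_name", "last_name")
    max_similar: int = 2                 # default stated on the page

def longest_shared_run(password: str, value: str) -> int:
    """Longest run of consecutive characters that appears in both strings."""
    a, b = password.lower(), value.lower()   # assumption: comparison ignores case
    best, prev = 0, [0] * (len(b) + 1)
    for ch in a:
        cur = [0] * (len(b) + 1)
        for j, other in enumerate(b, 1):
            if ch == other:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best

def violations(password: str, user: dict, policy: Policy) -> list:
    """Return every rule the candidate password breaks (empty list = accepted)."""
    found = []
    if not policy.min_length <= len(password) <= policy.max_length:
        found.append("length")
    symbols = [c for c in password if not c.isalnum()]
    if any(c not in policy.allowed_symbols for c in symbols):
        found.append("symbol not allowed")
    classes = [
        (policy.require_lower, any(c.islower() for c in password), "lowercase"),
        (policy.require_upper, any(c.isupper() for c in password), "uppercase"),
        (policy.require_number, any(c in string.digits for c in password), "number"),
        (policy.require_symbol, bool(symbols), "symbol"),
    ]
    found += [f"missing {n}" for req, present, n in classes if req and not present]
    # Only the attributes selected in the policy are compared with the password.
    for attr in policy.restricted:
        if longest_shared_run(password, user.get(attr, "")) > policy.max_similar:
            found.append(f"too similar to {attr}")
    return found
```

With the username `alexa` and a limit of 4, `al@123` passes the similarity check and `alexa@123` fails it, matching the table above.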


Advanced Password Policy Settings

Configure additional password security controls related to password reuse, password history, maximum login attempts, account lockout, and end-user password management.


1. Password History

The value for password history cannot be less than 0 or more than 10.

This value, 'n', means that a new password set for a customer admin or its end users, while changing or resetting a password, cannot be the same as any of the last 'n' passwords.

For instance:

  • If the password history is set to 3 for a customer admin, when an end user's password is changed (e.g., to "Password1"), this is stored in their password history.
  • When the password is changed for the first time after enabling password history, it must follow the password policy and cannot be the same as the current password. For example, the new password could be "Password2."
  • On the second password change, the new password cannot be "Password1" or "Password2," as they are the last two passwords used. The new password must be different and follow the password policy, such as "Password3."
  • For the third password change, the new password cannot be "Password1," "Password2," or "Password3," as they are the last three passwords used. The new password must be different and meet the password policy requirements, for example, "Password4."
  • On the fourth change, the new password cannot be "Password2," "Password3," or "Password4." However, "Password1" can be reused since it is no longer among the last three passwords used.
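The rotation in the walkthrough above, as an added example that is not miniOrange's code: a history check that keeps only salted PBKDF2 digests of the last 'n' passwords, never the passwords themselves. The class name, the iteration count and the use of PBKDF2 are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from collections import deque

ITERATIONS = 100_000  # example work factor (assumption); tune for production

class PasswordHistory:
    """Remembers salted digests of the last `size` passwords, current one included."""

    def __init__(self, size: int, current: str):
        if not 0 <= size <= 10:          # bounds stated on the page
            raise ValueError("password history must be between 0 and 10")
        self._entries = deque(maxlen=size)   # the oldest entry drops off automatically
        self._remember(current)

    @staticmethod
    def _digest(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def _remember(self, password: str) -> None:
        salt = os.urandom(16)            # per-entry salt: equal passwords hash differently
        self._entries.append((salt, self._digest(password, salt)))

    def is_reused(self, candidate: str) -> bool:
        # Re-hash the candidate under each stored salt and compare in constant time.
        return any(hmac.compare_digest(self._digest(candidate, salt), digest)
                   for salt, digest in self._entries)

    def change(self, new_password: str) -> bool:
        """Accept the change only if the password is not among the last `size`."""
        if self.is_reused(new_password):
            return False
        self._remember(new_password)
        return True

def walkthrough() -> list:
    """Replays the page's example with password history set to 3."""
    h = PasswordHistory(size=3, current="Password1")
    return [
        h.change("Password1"),   # rejected: same as the current password
        h.change("Password2"),   # first change accepted
        h.change("Password1"),   # rejected: still in history
        h.change("Password3"),   # second change accepted
        h.change("Password2"),   # rejected: among the last three
        h.change("Password4"),   # third change accepted, Password1 rotates out
        h.change("Password1"),   # fourth change: Password1 is allowed again
    ]
```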

You also have the option to set the password difficulty or complexity. Select the aspects you want in the passwords.


2. Locked Account Options

Configure actions and restrictions applied when user accounts are locked due to failed login attempts.

  • Send email to user if their account is locked: Send an email notification to users when their account gets locked.
  • Enable account using forgot password option: Allow users to unlock their account using the Forgot Password functionality.

3. Maximum Login Attempts

Define the maximum number of failed login attempts allowed before the account is locked.


4. Account Lockout Duration

Configure the duration for which the user account remains locked after exceeding the maximum login attempts.


5. End User Password Settings

Configure additional password update requirements for end users.

  • Requires users to update their password on their next login following a password reset by the admin: If enabled, users will be prompted to update their password on their next login after resetting it through the Forgot Password feature.

Click on Save to apply the configured password policy settings.

The configured password policy will be enforced for users within the organization.