Skip to main content

Configure password policy in Identity Pool

Manage password settings to improve security and authentication. Configure password strength, set expiration rules, view user password details, and enforce password resets when needed.

Configure password policy

Define password requirements to enforce security policies for users in a specific Identity Pool.

  1. On the left side of the Identity Platform page, click Identity Sources.

  2. On the Identity Pools tab, for the identity store you want to view and edit, click Actions > Manage Users.

    wf_identity_pool_002.png
  3. Select the Password Settings tab.

    wf_identity_pool_005.png
  4. Set the Strength level.

    Users must create a password that matches the strength level you set. When they enter their password, a strength meter appears on their screen. The meter turns green when the password meets the required criteria.

  5. Set password requirements including:

    • Capital letters

    • Lowercase letters

    • Digits

    • Minimum length

    • Password history

    • Special characters

    • Password expiration

  6. Save your changes.

View user password details

Check when a user's password was last updated and when it will expire.

  1. On the left side of the Identity Platform page, click Identity Sources.

  2. On the Identity Pools tab, for the identity store you want to view and edit, click Actions > Manage Users.

    wf_identity_pool_002.png
  3. Select the Users tab.

  4. Select the user whose password details you want to view and review the following details:

    • Last updated date

    • Expiration date

    wf_password_details.png

Force password reset or require a change at next login

Force a user to reset or change their password.

  1. On the left side of the Identity Platform page, click Identity Sources.

  2. On the Identity Pools tab, for the identity store you want to view and edit, click Actions > Manage Users.

    wf_identity_pool_002.png
  3. Select the Users tab.

  4. Select the user whose password needs to be changed.

  5. Click Manage, then choose one of the following options:

    • Force Reset Password – The user must reset their password using the Forgot Password flow before signing in.

      • After entering their user identifier, the user receives a verification code.

      • They must create a new password before accessing the application.

    • Force Change Password – The user signs in with their current password but is required to set a new one before continuing.

      • Typically used when users are assigned a temporary password.

      • Once changed, the user can access the application.

    wf_force_password_reset.png