Configure password policies
Manage password settings to improve security and authentication. Configure password policies, set expiration rules, choose hash methods, view user password details, and enforce password resets when needed.
Configure password policy
Define password requirements to enforce security policies for users in a specific Identity Pool.
Go to Tenant settings > Identity Pools > [Selected Identity Pool] > Sign-in and Sign-Up.
Expand the Password Policy section.
Set the Strength level.
Users must create a password that matches the strength level you set. When they enter their password, a strength meter appears on their screen. The meter turns green when the password meets the required criteria.
Set password requirements including:
Capital letters
Lowercase letters
Digits
Minimum length
Password history
Special characters
Password expiration
Expand the Password Settings section and set the password hashing method:
Save your changes.
View user password details
Check when a user's password was last updated and when it will expire.
Go to Tenant settings > Identity Pools > [Selected Identity Pool].
Select the Users tab.
Select the user whose password details you want to view and review the following details:
Last updated date
Expiration date
Force password reset or require a change at next login
Force a user to reset or change their password.
Go to Tenant settings > Identity Pools > [Selected Identity Pool].
Select the Users tab.
Select the user whose password needs to be changed.
Click Manage, then choose one of the following options:
Force Reset Password – The user must reset their password using the Forgot Password flow before signing in.
After entering their email or phone number, the user receives a verification code.
They must create a new password before accessing the application.
Force Change Password – The user signs in with their current password but is required to set a new one before continuing.
Typically used when users are assigned a temporary password.
Once changed, the user can access the application.
Initiate password reset
Go to Tenant settings > Identity Pools > [Selected Identity Pool].
Select the Users tab.
Select the user who needs a password reset.
Click Manage > Initiate Reset Password.
Result: The user receives an email notification that SecureAuth has received a request to reset their credentials. The email includes instructions for completing the reset.