Skip to main content

Configure password policies

Manage password settings to improve security and authentication. Configure password policies, set expiration rules, choose hash methods, view user password details, and enforce password resets when needed.

Configure password policy

Define password requirements to enforce security policies for users in a specific Identity Pool.

  1. Go to Tenant settings > Identity Pools > [Selected Identity Pool] > Sign-in and Sign-Up.

  2. Expand the Password Policy section.

    identity_pool_003.png

  3. Set the Strength level.

    Users must create a password that matches the strength level you set. When they enter their password, a strength meter appears on their screen. The meter turns green when the password meets the required criteria.

  4. Set password requirements including:

    • Capital letters

    • Lowercase letters

    • Digits

    • Minimum length

    • Password history

    • Special characters

    • Password expiration

  5. Expand the Password Settings section and set the password hashing method:

    identity_pool_004.png

  6. Save your changes.

View user password details

Check when a user's password was last updated and when it will expire.

  1. Go to Tenant settings > Identity Pools > [Selected Identity Pool].

  2. Select the Users tab.

  3. Select the user whose password details you want to view and review the following details:

    • Last updated date

    • Expiration date

    Password details

Force password reset or require a change at next login

Force a user to reset or change their password.

  1. Go to Tenant settings > Identity Pools > [Selected Identity Pool].

  2. Select the Users tab.

  3. Select the user whose password needs to be changed.

  4. Click Manage, then choose one of the following options:

    • Force Reset Password – The user must reset their password using the Forgot Password flow before signing in.

      • After entering their email or phone number, the user receives a verification code.

      • They must create a new password before accessing the application.

    • Force Change Password – The user signs in with their current password but is required to set a new one before continuing.

      • Typically used when users are assigned a temporary password.

      • Once changed, the user can access the application.

    Force password reset

Initiate password reset

  1. Go to Tenant settings > Identity Pools > [Selected Identity Pool].

  2. Select the Users tab.

  3. Select the user who needs a password reset.

  4. Click Manage > Initiate Reset Password.

    Result: The user receives an email notification that SecureAuth has received a request to reset their credentials. The email includes instructions for completing the reset.

In this section: