Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

SAS PCE documentation
- Explore Thales Docs

SAS PCE
Agents
MobilePASS+
SafeNet Access Exchange
BSIDCA API
- BSIDCA endpoints
- BSIDCA custom attributes
Integrations
Account management
Release Notes

All

All

Tokens

Temporary Password Policy

Please Note:

SAS PCE
Get started
- System Requirements
- Installation
  - Install SafeNet Authentication Service
  - Prepare database
  - Configure SafeNet Authentication Service
  - Configure SafeNet Authentication Service for High Availability
  - Configure for MobilePASS and MobilePASS+ Enrollment
  - Onboarding for MobilePASS+ enrollment
  - SAS PCE Windows Services Startup Recommendations
  - Security and Compliance
- Upgrade
  - SafeNet Authentication Service pre-upgrade checklist
  - SafeNet Authentication Service upgrade - primary data center
  - SafeNet Authentication Service upgrade - secondary data center
  - SafeNet Authentication Service post-upgrade checklist
  - Additional Considerations
- System setup
  - Setup
  - Communications
  - Logging
Dashboard
- On-Boarding
- Virtual Servers
- Administration
Users and groups
- Configure individual users
- Manage tokens for a user
- Groups
- Containers
- Restrict access based on the time, day, or date
- User Policies
User synchronization
- LDAP sync server settings
- LDAP integration
- LDAP settings
Operators and roles
- Operators
- External Operators
- Provision roles automatically
- Alerts
Tokens
- Token types
  - Hardware tokens
    - OTP hardware token
    - KT-4 tokens
    - RB-1 tokens
  - Software tokens
    - GrIDsure
    - SMS OTP token
  - Third Party tokens
- Token allocations
- Token templates
- Token restrictions
- Temporary Password Policy
- Token Passcode Processing Policy
- Configure server-side PINs
- Token synchronization
- Import SafeNet tokens
- Token inventory
- Deallocate inventory
- MobilePASS target and Push OTP settings
- SMS credits
- SMS/Email/Voice OTP Delivery Methods
- Quicklog authentication
- Initialize hardware tokens
Provisioning tokens to users
- Provision tokens
- Automate token provisioning
- Provisioning tasks
- Assign a hardware token to a user
- Bulk assign third-party tokens
Push OTP
- Requirements and considerations for Push OTP
- Enable Push OTP and MobilePASS+
- Push OTP Rejection Policy
- Customize Push notifications and alerts
- Configure applications for Push OTP
- Token management and enrollment
- Push OTP authentications
RADIUS integration
- RADIUS third-party token support
- RADIUS attributes for users or groups
- Block RADIUS authentication
Server and agent settings
- Authentication Nodes
- Pre-authentication rules
- Restrict IP range
- Email server settings
- SMS settings
- Voice OTP settings
- Configure a voice provider
- FTP/SFTP/SCP settings
- Time zone offset
- Download an encryption key for agents
- Language
- Migrate SafeNet authentication servers
- Display Device Information
- Download an encryption key for remote services
Self-service site
- Site appearance and default language
- Self-Service Modules
- Self-Enrollment pages
- Configure authorities, OOB enrollment, and policies
- Process requests and view reports
Branding the appearance
- Customize email messages
- Customize SMS messages
- Customize voice OTP messages
Reports
- Billing reports
- Compliance reports
- Inventory reports
- Security policy reports
Troubleshooting
- Authentication errors
- Error codes

SAS PCE documentation
SAS PCE
Tokens
Temporary Password Policy

Temporary Password Policy

Configure temporary static passwords that are assigned to user accounts using Assignment > Authentication Methods > Password. As with Server-side PIN Policy, these options set global temporary password policy. Click Apply in the Actions group to apply changes to these values.

On the SAS Token Management console, select Policy > Token Policies > Temporary Password Policy.
Configure the settings as needed:
- Temporary Password Allowed—This option determines whether a static password can be assigned. When checked, an Operator can assign a temporary password to a user, provided the user does not currently have an active token. If cleared, Operators may not assign a temporary password to a user. Default value: Enabled.
- Change Password on first use required—This option forces the user to change the static password assigned by an Operator before they can logon. The user must first provide the assigned password and then is prompted to replace the password. If this box is checked, all users assigned a static password will be required to change it on first use. The Operator cannot override this policy. If cleared, the Operator has the option of requiring a password change on first use. Default value: checked.
- Minimum Length—This is the minimum number of characters required in the temporary password. Range is 3 to 29 characters. Default value: 8.
- Maximum Length—This is the maximum number of characters permitted in the temporary password. Range is 4 to 30 characters. This value must be greater than or equal to the minimum length. Default value is 16 characters.
- Minimum Complexity—This determines the combination of characters that must be used in a password. Default value: Complex alphanumeric.
  - Numeric—The minimum requirement is a password comprised of digits 0-9.
  - Alphanumeric—The minimum requirement is a password that contains at least 1 digit and 1 uppercase letter. 0-9, A-Z.
  - Strong Alphanumeric—The minimum requirement is a password comprised of at least 1 digit, 1 uppercase letter, and 1 lowercase letter. 0-9, A-Z, a-z.
  - Complex alphanumeric—The minimum requirement is a password comprised of at least 1 digit, 1 uppercase letter, 1 lowercase letter, and 1 special character. 0-9, A-Z, a-z, and other printable characters.
- Change Frequency—This determines how frequently a user will be required to change their static password. This period commences with the last static password change date for a token. Default value: 30 days.
- Force Random Passwords—This determines whether an Operator can choose the password to be given to a user. If cleared, the Operator can manually create or generate a password that conforms to the policy. If checked, the Virtual Server must generate the temporary password. Default value: cleared.
- Force Maximum Lifetime—This determines how long a temporary password will remain active. Possible values are in minutes, hours, days or weeks. Default value: disabled.
Select Apply.

On this page

SafeNet Authentication Service Private Cloud Edition

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Customer Support Portal
Legal

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com