Temporary Password Policy
Configure temporary static passwords that are assigned to user accounts using Assignment > Authentication Methods > Password. As with Server-side PIN Policy, these options set global temporary password policy. Click Apply in the Actions group to apply changes to these values.
-
On the SAS Token Management console, select Policy > Token Policies > Temporary Password Policy.
-
Configure the settings as needed:
-
Temporary Password Allowed—This option determines whether a static password can be assigned. When checked, an Operator can assign a temporary password to a user, provided the user does not currently have an active token. If cleared, Operators may not assign a temporary password to a user. Default value: Enabled.
-
Change Password on first use required—This option forces the user to change the static password assigned by an Operator before they can logon. The user must first provide the assigned password and then is prompted to replace the password. If this box is checked, all users assigned a static password will be required to change it on first use. The Operator cannot override this policy. If cleared, the Operator has the option of requiring a password change on first use. Default value: checked.
-
Minimum Length—This is the minimum number of characters required in the temporary password. Range is 3 to 29 characters. Default value: 8.
-
Maximum Length—This is the maximum number of characters permitted in the temporary password. Range is 4 to 30 characters. This value must be greater than or equal to the minimum length. Default value is 16 characters.
-
Minimum Complexity—This determines the combination of characters that must be used in a password. Default value: Complex alphanumeric.
-
Numeric—The minimum requirement is a password comprised of digits 0-9.
-
Alphanumeric—The minimum requirement is a password that contains at least 1 digit and 1 uppercase letter. 0-9, A-Z.
-
Strong Alphanumeric—The minimum requirement is a password comprised of at least 1 digit, 1 uppercase letter, and 1 lowercase letter. 0-9, A-Z, a-z.
-
Complex alphanumeric—The minimum requirement is a password comprised of at least 1 digit, 1 uppercase letter, 1 lowercase letter, and 1 special character. 0-9, A-Z, a-z, and other printable characters.
-
-
Change Frequency—This determines how frequently a user will be required to change their static password. This period commences with the last static password change date for a token. Default value: 30 days.
-
Force Random Passwords—This determines whether an Operator can choose the password to be given to a user. If cleared, the Operator can manually create or generate a password that conforms to the policy. If checked, the Virtual Server must generate the temporary password. Default value: cleared.
-
Force Maximum Lifetime—This determines how long a temporary password will remain active. Possible values are in minutes, hours, days or weeks. Default value: disabled.
-
-
Select Apply.