Features
Password & Authentication Policy
Learn how to configure password rules and authentication controls to secure access across your organization.
What Is Password & Authentication Policy?
The Password & Authentication Policy section allows administrators to define and enforce security rules for user access.
These policies control:
- Password complexity and validation
- Password reset behavior
- Two-Factor Authentication (2FA) requirements
All configured rules are applied across the organization.
Configuring Password Policy
The Password Policy tab defines the rules users must follow when creating or updating passwords.
When Password Policies Apply
Password rules are enforced during:
- Password changes initiated by the user
- Password resets via Forgot Password
- New user registrations
Password Requirements
Administrators can configure password constraints such as:
- Minimum password length
- Required character types:
- Uppercase letters
- Lowercase letters
- Numbers
- Special characters
- Restrictions on weak or commonly used passwords
- Password confirmation validation
Validation Behavior
- Passwords must meet all defined requirements before submission
- Validation occurs in real time during entry
- Non-compliant passwords are rejected with error messages
Users cannot proceed until all password requirements are satisfied.
Two-Factor Authentication (2FA)
The Two-Factor Authentication tab enables an additional verification step during login.
Enabling 2FA
When Require Two-Factor Authentication is enabled:
- All users must configure 2FA
- Users without setup are redirected to the setup flow on login
- Access is restricted until setup is complete
2FA Setup
Users are guided through the setup process:
- Select an authentication method (e.g., authenticator app)
- Link the method to their account
- Complete verification
2FA setup is enforced at login if not previously configured.
Login Behavior
Authentication requires two steps:
- Username and password
- Second-factor verification
| Scenario | Result |
|---|---|
| Valid credentials + valid 2FA | Access granted |
| Valid credentials + invalid 2FA | Access denied |
| Missing 2FA setup | Redirect to setup |
Notes
- Policies are enforced organization-wide
- Changes apply immediately after saving
- Existing users may be required to comply on next login or password update
- Access and configuration options depend on administrator permissions