Password & Authentication Policy

What Is Password & Authentication Policy?

The Password & Authentication Policy section allows administrators to define and enforce security rules for user access.

These policies control:

• Password complexity and validation
• Password reset behavior
• Two-Factor Authentication (2FA) requirements

All configured rules are applied across the organization.

Configuring Password Policy

The Password Policy tab defines the rules users must follow when creating or updating passwords.

When Password Policies Apply

Password rules are enforced during:

• Password changes initiated by the user
• Password resets via Forgot Password
• New user registrations

Password Requirements

Administrators can configure password constraints such as:

• Minimum password length
• Required character types:
  • Uppercase letters
  • Lowercase letters
  • Numbers
  • Special characters
• Restrictions on weak or commonly used passwords
• Password confirmation validation

Validation Behavior

• Passwords must meet all defined requirements before submission
• Validation occurs in real time during entry
• Non-compliant passwords are rejected with error messages

Two-Factor Authentication (2FA)

The Two-Factor Authentication tab enables an additional verification step during login.

Enabling 2FA

When Require Two-Factor Authentication is enabled:

• All users must configure 2FA
• Users without setup are redirected to the setup flow on login
• Access is restricted until setup is complete

2FA Setup

Users are guided through the setup process:

• Select an authentication method (e.g., authenticator app)
• Link the method to their account
• Complete verification

Login Behavior

Authentication requires two steps:

1. Username and password
2. Second-factor verification

Notes

• Policies are enforced organization-wide
• Changes apply immediately after saving
• Existing users may be required to comply on next login or password update
• Access and configuration options depend on administrator permissions