Password Policy Enforcer

You can use ADSelfService Plus' Password Policy Enforcer feature to ensure that your users choose strong passwords that meet your organization's password policy and achieve compliance with regulatory norms.

How to configure advanced password policy settings in ADSelfService Plus

1. Log in to the ADSelfService Plus admin portal. 
2. Navigate to the Configuration tab. Under the Self-Service section, select the Password Policy Enforcer. 
3. Enable Enforce Custom Password Policy.
4. In this section, you can manage:
• Characters: Restrict the number of special characters, numbers, and Unicode characters used in passwords.

  

• Repetition: Enforce a password history check during password reset, and restrict the consecutive repetition of a specific character from the username (e.g. “aaaaa” or “user01”).

  

• Patterns: Restrict keyboard sequences, dictionary words, and palindromes, or ensure that users' passwords meet specific criteria by enforcing a Regex pattern. Learn more about setting a Regex pattern, here.

  

  

  Important Note: Ensure that the Regex pattern and other password policy rules do not conflict with each other
  
  

  If you enable a password policy based on a regex pattern, please ensure that the login agent on user machines is updated to version 6.11 or above, and the ADSelfService Plus app on user devices is at least of version 1.7.3 or 1.6.7 for Android or iOS devices, respectively

• Length: Specify the minimum and maximum password length.

  

5. You can also enable users to bypass complexity requirements when the password length exceeds a predefined limit (say, 20 characters).
6. Enter the number of policy settings the user’s password must comply with during self-service password reset and password change operations.
7. To help users create passwords that comply with the enforced policy settings, you can display the password policy requirement on the reset and change password pages.
8. Enforce the configured password policy settings during password resets from the ADUC console and the change password screen.
Note: If you enable or modify any of the settings above and the Password Sync Agent is installed, you need to update the configuration settings in the agent for the changes to take effect. Please refer to these steps to update the Password Sync Agent configurations.