One Identity Safeguard for Privileged Sessions (SPS) can use password policies to enforce the use of password history, minimal password strength, password length, and password expiry.

Limitations

Password policies apply only to locally managed users, and have no effect if you manage your users from an LDAP database, or if you authenticate your users against a RADIUS server.

NOTE: One Identity Safeguard for Privileged Sessions (SPS) accepts passwords that are not longer than 150 characters. Letters A-Z, a-z, numbers 0-9, the space character, as well as the following special characters can be used: !"#$%&'()*+,-./:;<>=?@[]\^-`{}_|

To create a password policy

  1. Navigate to Users & Access Control > Settings.

    Figure 76: Users & Access Control > Settings — Configuring password policies

  2. Set the Authentication method to Password provided by database and the User database to Local.

    NOTE: If the setting of these fields is different (for example LDAP or RADIUS), then SPS is not configured to manage passwords locally.

  3. Set how long the passwords are valid in the Password expiration field. After the configured period, SPS users have to change their password. To disable this option, set the value to 0. The acceptable values are 0-365.

  4. Number of passwords to remember: use this option to prevent using the same password again for the configured number of password changes. For example, if the value is set to 10, the users have to use 10 different passwords consecutively before the first password can be used again. The acceptable values are 0-32. To disable this option, set the value to 0.

  5. Set the required password complexity level in Minimal password strength. The possible values are disabled, good, and strong.

    NOTE: The strength of the password is determined by its entropy: the variety of numbers, letters, capital letters, and special characters used, not only by its length.

    To have SPS execute some simple dictionary-based attacks against passwords to find weak ones, set Cracklib (eg. dictionary) check on password to Enabled.

  6. In Minimal password length, set the minimum number of characters for the passwords. The acceptable values are 1-99.
  7. Click .

    NOTE: Changes to the password policy do not affect existing passwords. However, setting password expiry will require every user to change their passwords after the expiry date, and the new passwords must comply with the strength requirements set in the password policy.
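The following is an added example, not code from SPS or One Identity: a pre-check that applies the limits documented above (field ranges, the 150-character maximum, the listed character set, and password history) to a planned policy and to candidate passwords. The `LocalUser` class, the dictionary keys, the PBKDF2 history storage, and the reading of "remember N" as "the last N passwords set" are assumptions of this example.

```python
import hashlib
import hmac
import os
import string
from collections import deque

# Limits and character set copied from the NOTE and the steps above.
MAX_LEN = 150
SPECIALS = "!\"#$%&'()*+,-./:;<>=?@[]\\^-`{}_|"
ALLOWED = set(string.ascii_letters + string.digits + " " + SPECIALS)
RANGES = {"expiration": (0, 365), "remember": (0, 32), "min_length": (1, 99)}

def check_policy(policy):
    """Return the policy fields that fall outside the documented ranges."""
    return [k for k, (lo, hi) in RANGES.items() if not lo <= policy[k] <= hi]

def _digest(password, salt):
    # PBKDF2 is this example's choice; the page does not say how SPS stores history.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LocalUser:
    """Hypothetical stand-in for a locally managed user with a password history."""
    def __init__(self, policy):
        self.policy = policy
        # maxlen=0 keeps nothing, matching "set the value to 0" to disable history.
        self.history = deque(maxlen=policy["remember"])

    def rejection_reasons(self, candidate):
        reasons = []
        if len(candidate) > MAX_LEN:
            reasons.append("longer than 150 characters")
        if len(candidate) < self.policy["min_length"]:
            reasons.append("shorter than minimal password length")
        bad = sorted(set(candidate) - ALLOWED)
        if bad:
            reasons.append("characters not allowed: " + "".join(bad))
        if any(hmac.compare_digest(_digest(candidate, s), d) for s, d in self.history):
            reasons.append("reused within the remembered passwords")
        return reasons

    def set_password(self, candidate):
        """Store the password if acceptable; return the rejection reasons if not."""
        reasons = self.rejection_reasons(candidate)
        if not reasons:
            salt = os.urandom(16)
            self.history.append((salt, _digest(candidate, salt)))
        return reasons
```

Strength level and the Cracklib check are not modelled here, because the page does not give the thresholds SPS uses for them.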