Version: On prem: 15.0.2

Managing password policy

In the Omada Identity Cloud solution, passwords that are generated for, or chosen by, users must follow the password policies of the target systems they are provisioned to.

The following three aspects are important when Data Administrators and System Owners consider the password policies:

  • Password policies define the password rules.
  • Omada Identity can maintain multiple password policies.
  • Every system must have one password policy assigned.

Prerequisites

  • Password policy must be defined as part of the general security guidelines.
  • Examine the existing password policies of the systems for which passwords are to be generated. For every system, define a password policy that matches that of the target system. The Omada policy may enforce stricter rules than the target system, but it must never be laxer: a generated password that satisfies a laxer Omada policy can be rejected by the target system, and provisioning of the account then fails.

Creating or editing a password policy

First, a system administrator goes to Setup > Master data > Password policies and creates or edits the password policy using the following fields and checkboxes:

  • Must contain lowercase: The password entered must contain at least 1 lowercase character.

  • Must contain uppercase: The password entered must contain at least 1 uppercase character.

  • Must contain special characters: The password entered must contain at least 1 special (non-alphanumeric) character.

  • Must contain digits: The password entered must contain at least 1 digit.

  • Maximum length and Minimum length: The maximum and minimum numbers of characters allowed in the password.

  • Must not contain username, first name or last name: The password must not contain the identity's username, first name, or last name.

  • Must not contain: The password must not contain any of the characters listed in this field.

  • Must begin with: The first character of the password must be one of the characters listed in this field.

  • Validation failed message: The message displayed to the user when the password validation fails.

Next, go to the All systems dashboard and select the target system. In the Provisioning section, open the General settings and select the password policy that matches that system.

info

The password policy is enforced when an initial password is generated during the onboarding of a new identity, and when a user resets a password. The two paths do not apply the policy identically, however:

  • Regular expressions are not respected by the initial password generator.
  • The rule Must not contain username, first name or last name is not respected by the initial password generator either; it is respected only during password reset.
  • The rules Must contain lowercase, Must contain uppercase, Must contain special characters, and Must contain digits are respected in both directions by the generator: if a rule is selected, the new initial password contains at least one character of that class, and if it is not selected, the generated password contains no characters of that class at all. Leaving a class unselected therefore shrinks the alphabet the generator draws from, so select every class the target system accepts.
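The following Python model is an added example and not Omada's own code or API: it mirrors the fields of the Password policies form above, checks a password against every rule (including the name rule that the built-in initial password generator skips), and generates an initial password the way the info note describes, drawing only from the selected character classes. The SPECIAL alphabet, the case-insensitive substring match used for the name rule, and all function and class names are assumptions made for the example.

```python
"""Password-policy model mirroring the Omada 'Password policies' form (example only)."""
import secrets
import string
from dataclasses import dataclass

# Assumption: which characters count as "special". Align this with the target system.
SPECIAL = "!#$%&()*+,-./:;<=>?@[]^_{|}~"


@dataclass
class PasswordPolicy:
    # Field names follow the Password policies form; the class itself is illustrative.
    must_contain_lowercase: bool = True
    must_contain_uppercase: bool = True
    must_contain_special: bool = True
    must_contain_digits: bool = True
    min_length: int = 12
    max_length: int = 64
    must_not_contain_names: bool = True   # "Must not contain username, first name or last name"
    must_not_contain: str = ""            # forbidden characters
    must_begin_with: str = ""             # allowed first characters; empty means any
    validation_failed_message: str = "The password does not meet the password policy."


def violations(policy, password, username="", first_name="", last_name=""):
    """Return the names of the rules the password breaks (empty list means valid)."""
    problems = []
    if not policy.min_length <= len(password) <= policy.max_length:
        problems.append("length")
    if policy.must_contain_lowercase and not any(c.islower() for c in password):
        problems.append("lowercase")
    if policy.must_contain_uppercase and not any(c.isupper() for c in password):
        problems.append("uppercase")
    if policy.must_contain_special and not any(c in SPECIAL for c in password):
        problems.append("special")
    if policy.must_contain_digits and not any(c.isdigit() for c in password):
        problems.append("digits")
    if policy.must_not_contain_names:
        # Assumption: case-insensitive substring match against each name.
        lowered = password.lower()
        if any(n and n.lower() in lowered for n in (username, first_name, last_name)):
            problems.append("name")
    if any(c in policy.must_not_contain for c in password):
        problems.append("forbidden")
    if policy.must_begin_with and (not password or password[0] not in policy.must_begin_with):
        problems.append("first")
    return problems


def validate(policy, password, **identity):
    """Return (ok, message); the message is the policy's 'Validation failed message'."""
    broken = violations(policy, password, **identity)
    return (not broken, "" if not broken else policy.validation_failed_message)


def generate_password(policy, length, username="", first_name="", last_name="", attempts=100):
    """Generate an initial password: only selected classes are used (as the built-in
    generator does), and the result is re-checked against every rule, name rule included."""
    if not policy.min_length <= length <= policy.max_length:
        raise ValueError("length outside the policy's min/max")
    forbidden = set(policy.must_not_contain)
    classes = []
    for selected, alphabet in ((policy.must_contain_lowercase, string.ascii_lowercase),
                               (policy.must_contain_uppercase, string.ascii_uppercase),
                               (policy.must_contain_digits, string.digits),
                               (policy.must_contain_special, SPECIAL)):
        if selected:
            usable = "".join(c for c in alphabet if c not in forbidden)
            if not usable:
                raise ValueError("'Must not contain' removes a whole required class")
            classes.append(usable)
    if not classes or length < len(classes):
        raise ValueError("no class selected, or length too short for the required classes")
    alphabet = "".join(classes)
    lead_chars = alphabet if not policy.must_begin_with else \
        "".join(c for c in alphabet if c in policy.must_begin_with)
    if not lead_chars:
        raise ValueError("'Must begin with' admits no character from the selected classes")
    for _ in range(attempts):
        chars = [secrets.choice(cls) for cls in classes]            # one of each required class
        chars += [secrets.choice(alphabet) for _ in range(length - len(classes))]
        for i in range(len(chars) - 1, 0, -1):                      # Fisher-Yates with a CSPRNG
            j = secrets.randbelow(i + 1)
            chars[i], chars[j] = chars[j], chars[i]
        if chars[0] not in lead_chars:                              # enforce 'Must begin with'
            chars[0] = secrets.choice(lead_chars)
        candidate = "".join(chars)
        if not violations(policy, candidate, username, first_name, last_name):
            return candidate
    raise RuntimeError("could not generate a compliant password")
```

Run `validate()` on a generated password before provisioning it; a policy that selects no character class, or whose Must not contain list empties a required class, is rejected up front rather than producing passwords the target system would refuse.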
tip

As a best practice, we recommend conforming to the following rules:

  • Review policies on a regular basis, and re-check them whenever a target system's own password rules change.
  • Users should choose complex passwords that include lowercase and uppercase characters and digits. If the target systems support them, adding special characters is recommended.
  • If the same password is to be used for all systems, define a single policy whose rules satisfy the strictest of those systems.