IWeb Administrator Guide

Password Rules

The rules set here apply to all created users and become the default settings.

Note: Only Registry Client users with System Administration permissions can change password rules.

To set the password rules, click the Administration > Settings > Password Rules link. Enter the information in the fields or select the appropriate options, then click Submit. The fields on this page are as follows:

Field Description

Password Minimum Length

Enter a whole number to set the minimum number of characters a password must contain, or leave the default of 0 to not require a minimum length.

Username Minimum Length

Enter a whole number to require that usernames be at least that many characters long.

Expire After How Many Days

Enter a whole number to force the password to expire after the specified number of days, or leave the default of 0 days to not require the password to expire.

Bad Login Attempts Permitted Before Lockout

Enter a whole number to set the number of bad login attempts permitted before the user is locked out of the application. The default setting is 0, which indicates no limitation to the number of bad login attempts.

Lockout Duration (After Bad Login Attempts) in Minutes

Enter the number of minutes to enforce the lockout after the maximum number of bad login attempts is reached. The default setting is 0, which indicates none.

Prevent Password Reuse in Number of Previous Passwords

Enter the number of previous passwords that a new password cannot duplicate. For example, if the number 5 is entered, users receive an error stating, "Cannot reuse a password that has been used in the past 5 passwords. Please try another password." The default setting is 0 to indicate no limitation.

Default User Password

Enter the password to be assigned to all new user accounts as their default password.

Enable Case-Sensitive Passwords

Select Yes to allow the use of case-sensitive passwords. Enabling this option stores the password in the exact upper and lowercase letters the user enters. If this option is enabled after users have already entered passwords, they must enter their passwords in all uppercase letters until the passwords are changed using case-sensitive characters.

Require at Least One Number in Password

Select Yes to require the use of at least one number in the password. Select No if numbers are not mandatory for passwords.

Require at Least One Number in Username

Select Yes to require the use of at least one number in the username. Select No if numbers are not mandatory for usernames.

Require at Least One Uppercase Letter in Password

Select Yes to require the user to enter at least one uppercase letter in the password. Works with the Enable Case-Sensitive Passwords option.

Require at Least One Lowercase Letter in Password

Select Yes to require the user to enter at least one lowercase letter in the password. Works with the Enable Case-Sensitive Passwords option.

Require at Least One Special Character in Password

Select Yes to require the user to enter at least one special character in the password. Examples: ! @ # $ % & *

Restrict Username or User's Full Name from Being the Password

Select Yes to prohibit the user from using their full name in their password.

Show Forgot Password Link at Login

Select Yes to display the Forgot Password link on the login page, which users can click to receive instructions on how to reset a forgotten password.

Note: If single sign-on (SSO) is enabled, this option does not appear. See Single Sign-On (SSO).

Show Change Password Link on the Menu

Select Yes to display the Change Password link on the menu, which users can click to be directed to change their password.

Note: If single sign-on (SSO) is enabled, this option allows users to change their passwords within Keycloak. See Single Sign-On (SSO).

Only Allow User-Created Passwords

The Administration > Settings > Properties > Email Settings options must be configured in order to use this. Select Yes (and configure the email settings options) to allow users to create their own passwords (instead of adding them when the user accounts are created). The user's email address must be valid. After the user account is created, an email is sent to the user. The user clicks on the link in the email to open the Set New Password page.

To exclude a specific user access level from a specific Organization (IRMS) from the password expiration rule, click the Password Exclusion Rules button. A pop-up window opens. Select the Organization (IRMS) from the drop-down list, after which the access levels that are currently included in the password expiration rule are listed in the first box. Select one or more access levels from the first box and click the right arrow (>>) button to move the access level(s) to the exclusion box (Access levels excluded from password expiration). Click Close when finished.

To re-include a specific user access level from a specific Organization (IRMS) to the password expiration rule, follow the above steps but move the user access level(s) from the second box (Access levels excluded from password expiration) to the first box (Access levels included in password expiration) using the left arrow (<<) button.
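The following is an added example, not part of IWeb or this guide: a review script that takes the Password Rules values recorded from the settings page and lists which controls the documented defaults leave switched off, plus a few combinations of fields that do not work together. The dictionary keys are hypothetical snake_case names for the field labels above; IWeb exposes these values as form fields, not in this structure.

```python
# Added example: review recorded Password Rules values for disabled controls.
# Keys are hypothetical names for the guide's field labels (an assumption).

# Numeric fields for which the guide documents 0 as "control off".
ZERO_MEANS_OFF = {
    "password_min_length": "no minimum password length is enforced",
    "bad_logins_before_lockout": "bad login attempts are unlimited",
    "prevent_reuse_count": "previous passwords can be reused",
}

def audit_password_rules(rules):
    """Return a list of (field, finding) tuples for a settings dict."""
    findings = []
    for field, meaning in ZERO_MEANS_OFF.items():
        if int(rules.get(field, 0)) == 0:
            findings.append((field, meaning))
    # A lockout threshold paired with a 0-minute duration; the guide says
    # a duration of 0 "indicates none".
    threshold = int(rules.get("bad_logins_before_lockout", 0))
    duration = int(rules.get("lockout_duration_minutes", 0))
    if threshold > 0 and duration == 0:
        findings.append(("lockout_duration_minutes",
                         "lockout threshold is set but duration is 0"))
    # The guide says the upper/lowercase rules work with case-sensitive passwords.
    if not rules.get("case_sensitive_passwords", False):
        for field in ("require_uppercase", "require_lowercase"):
            if rules.get(field, False):
                findings.append((field, "set while Enable Case-Sensitive Passwords is off"))
    # Assumption: the default password is used unless users set their own via email link.
    if rules.get("default_user_password") and not rules.get("only_user_created_passwords", False):
        findings.append(("default_user_password",
                         "new accounts share one default password"))
    return findings

# Constructed sample: documented defaults plus a shared default password.
SAMPLE_DEFAULTS = {
    "password_min_length": 0, "bad_logins_before_lockout": 0,
    "lockout_duration_minutes": 0, "prevent_reuse_count": 0,
    "case_sensitive_passwords": False, "require_uppercase": True,
    "default_user_password": "<placeholder>",
    "only_user_created_passwords": False,
}

if __name__ == "__main__":
    for field, finding in audit_password_rules(SAMPLE_DEFAULTS):
        print(f"{field}: {finding}")
```
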
