Administrators can define specific password policy requirements and expiration settings to increase password strength and improve overall security for the main appliance.

These policies govern how users interact with their accounts, including how often they must rotate their credentials and how the system responds to unauthorized access attempts. By establishing clear rules for complexity and account behavior, you protect the integrity of your infrastructure data and discovery secrets..

Define the password policy

Configure the global requirements for all user accounts.

1. Navigate to Tools > Admins & Permissions > Password Profile.

2. Define the following policy settings:

   • Complexity: Set the Minimum password length and the minimum number of uppercase, numeric, and special characters.

   • Expiration: Configure the Password expiration timing to determine how long a credential remains valid.

   • Alerts: Enable User alerts to notify administrators a designated number of days before their password expires.

   • Account Locking: Specify the number of invalid login attempts allowed before an account is locked.

3. Click Save to enforce the rules.

Caution: Account Locking is a global setting that applies to all users, including superusers. Because the system cannot automatically unlock these accounts, ensure you have a second superuser created to assist if the primary admin is locked out.

Manage user and account status

Monitor and manually adjust the security state of individual administrators.

1. Navigate to Tools > Admins & Permissions > Administrators.

2. Review the list to see the current password and account status for each user.

3. Perform the following administrative actions as needed:

   • Expire Password: Force a user to change their password upon their next login.

   • Exempt from Expiration: Allow specific service accounts or users to bypass the rotation policy.

   • Unlock Account: Restore access to a user who has exceeded the invalid login limit.

How policies affect users

Understand the automated workflows triggered by your security configuration.

• Password Expiration: * Users receive an alert prior to the expiration date.

  • If a user logs in with a valid but expired password, they are immediately prompted to create a new one before they can access the dashboard.

• Account Lockout: * Every failed login attempt with an invalid password counts toward the lockout threshold.

  • Once locked, the user sees a security alert upon login and must contact an administrator to have their account manually unlocked via the Administrators page.