
Passwords - policies and their configuration

A password policy determines which rules must be met by new passwords, whether they are changed by users or generated by CzechIdM itself.

A new password policy

A new password policy can be created in the tab Settings → Password policies. In the table, you’ll find a list of existing policies, and you can create a new policy by clicking the green Add button.

The following basic attributes of a password policy can be filled in:

The policy can be saved by clicking Save and continue, or advanced options can be set in the form menu Enhanced control, where the following options are available:

In the tab Characters for password generate, there are sets of characters for individual groups – lower-case characters, upper-case characters, numerals, special characters.

In the Characters for password validate tab, you can find rules regarding forbidden characters, restrictions on characters at the beginning or end of the password, and guidelines for using specific special characters.

In addition, the characters that are forbidden in the policy can be set here. This is important mainly for password generation policies. Automatically generated passwords are usually sent by SMS or e-mail, and the way some characters are displayed can confuse the user, e.g. the similarity of ‘I’ and ‘l’ or of ‘,’ and ‘.’. Sometimes it is also convenient to prohibit the characters ‘y’ and ‘z’ in generated passwords because users’ keyboard layouts differ.
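The effect of such prohibitions on a generator, as an added example that is not CzechIdM's own code: the character groups, the `FORBIDDEN` set and all function names are constructed for illustration. It removes the characters named above from each group, guarantees one character per group, and estimates how much entropy the prohibition costs.

```python
import math
import secrets
import string

# Constructed character groups mirroring the four groups named above;
# these are assumptions, not CzechIdM's default sets.
GROUPS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": "!@#$%&*,.-_",
}
# The characters the text names: look-alikes I/l and ,/. plus y and z.
FORBIDDEN = frozenset("Il,.yz")


def effective_groups(groups=GROUPS, forbidden=FORBIDDEN):
    """Remove forbidden characters from every group; fail on an empty group."""
    result = {}
    for name, chars in groups.items():
        kept = "".join(c for c in chars if c not in forbidden)
        if not kept:
            raise ValueError(f"group {name!r} is empty after prohibitions")
        result[name] = kept
    return result


def generate(length, groups=GROUPS, forbidden=FORBIDDEN):
    """Generate a password with at least one character from each group."""
    eff = effective_groups(groups, forbidden)
    if length < len(eff):
        raise ValueError("length too short to cover every group")
    alphabet = "".join(eff.values())
    # One guaranteed character per group, the rest from the whole alphabet.
    chars = [secrets.choice(g) for g in eff.values()]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so guaranteed characters have no fixed position.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length, forbidden, groups=GROUPS):
    """Upper bound on entropy in bits: length * log2(alphabet size)."""
    size = sum(len(g) for g in effective_groups(groups, forbidden).values())
    return length * math.log2(size)
```

With these constructed sets the alphabet shrinks from 73 to 67 characters, which costs about 1.5 bits for a 12-character password; one extra character of length more than compensates.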

In the last tab Connected systems, you can see a list of systems where the policy is currently set.

Be careful: if the policy is set to be a Standard policy, it is applied in all locations where there is no other policy, i.e. this list can be empty yet the policy is still applied on some systems.

Setting a policy for an administered system

The preparation of a password policy was introduced in the previous section. If a policy has been marked as a Standard policy, then this policy is now active for both CzechIdM and all administered systems where a policy has not been chosen yet.

Otherwise, a policy needs to be set for the system. This is done in the system detail. The detail can be accessed via the menu Connected systems → system detail (magnifying glass) → Basic information where password policies can be selected.