How to enable password expiry for different user roles.
Overview
You can configure automatic password expiration after a defined number of days. If a user does not change the login password within the configured number of days, the password expires. Users with expired passwords cannot log in to the Atomia application until they change the password. If a user tries to log in with an expired password, the user is redirected to the Change password page.
Enabling password expiry feature
1. Go to the Identity directory, usually located at C:\Program Files (x86)\AtomiaIdentity
2. Open the Web.config in the STS directory
3. Under the pasiveStsConfiguration section, add the following section:
<passwordExpirationList> </passwordExpirationList>
4. Inside the passwordExpirationList element, you can add roles and password expiration for the role. For example:
<passwordExpirationList>
  <passwordExpiration role="Administrators" timeInterval="129600"/>
</passwordExpirationList>
- The role attribute is the name of the role. You can find the list of roles in the Admin Panel on the Authorization Settings page.
- The timeInterval attribute defines the password expiration interval for the role, in minutes.
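Because timeInterval is in minutes, a value typed in days (90 instead of 129600, which is 90 days) would expire passwords after an hour and a half. The following audit script is an added example, not part of Atomia's documentation or tooling: it reads the passwordExpirationList entries, converts each interval to days, and reports suspicious or missing entries. The sample configuration, the "Resellers" and "Support" role names, and the one-day threshold are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MINUTES_PER_DAY = 24 * 60

# Constructed sample: only the section described on this page, wrapped in a bare
# root element so it parses on its own. "Resellers" is a made-up role name.
SAMPLE_CONFIG = """
<configuration>
  <passwordExpirationList>
    <passwordExpiration role="Administrators" timeInterval="129600"/>
    <passwordExpiration role="Resellers" timeInterval="90"/>
  </passwordExpirationList>
</configuration>
"""

def audit_password_expiry(config_xml, required_roles=()):
    """Return ({role: days}, [findings]) for the passwordExpiration entries."""
    root = ET.fromstring(config_xml)
    days_by_role, findings = {}, []
    for entry in root.findall(".//passwordExpirationList/passwordExpiration"):
        role = (entry.get("role") or "").strip()
        raw = (entry.get("timeInterval") or "").strip()
        if not role:
            findings.append("entry without a role attribute")
            continue
        if role in days_by_role:
            findings.append(f"{role}: listed more than once")
        if not raw.isdecimal() or int(raw) == 0:
            findings.append(f"{role}: timeInterval {raw!r} is not a positive whole number")
            continue
        minutes = int(raw)
        days_by_role[role] = minutes / MINUTES_PER_DAY
        # The attribute is in minutes; less than a day usually means days were typed.
        if minutes < MINUTES_PER_DAY:
            findings.append(f"{role}: expires after {minutes} minutes; were days intended?")
    # Roles that policy says must have an expiry but that have no valid entry.
    for role in required_roles:
        if role not in days_by_role:
            findings.append(f"{role}: no expiry configured")
    return days_by_role, findings

if __name__ == "__main__":
    days, problems = audit_password_expiry(SAMPLE_CONFIG, ["Administrators", "Support"])
    for role, d in days.items():
        print(f"{role}: {d:g} days")
    for p in problems:
        print("WARNING:", p)
```

To check a real installation, pass the contents of the STS Web.config to audit_password_expiry together with the role names from the Authorization Settings page.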
Changing expired password
If a user enters the correct credentials on the login page and the user's password has expired, the user is redirected to the Change password page.
After a successful password change, the user is authenticated and redirected to the control panel.