Password expiration


How to enable password expiry for different user roles.


You can configure passwords to expire automatically after a defined number of days. If a user does not change the login password within the configured number of days, the password expires. Users with expired passwords cannot log in to the Atomia application until they change the password. If a user tries to log in with an expired password, the user is redirected to the Change password page.

Enabling the password expiry feature

1. Go to the Identity directory, usually located at C:\Program Files (x86)\AtomiaIdentity
2. Open the Web.config in the STS directory
3. Under the pasiveStsConfiguration section, add the following section:


4. Inside the passwordExpirationList element, add an entry for each role together with the password expiration interval for that role. For example:

    <passwordExpiration role="Administrators" timeInterval="129600"/>
  • The role attribute is the name of the role. You can find the list of roles in the Admin Panel on the Authorization Settings page.
  • The timeInterval attribute defines the password expiration interval for the role, in minutes.
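
Because timeInterval is given in minutes, it is easy to enter a value meant as days. The following PowerShell check is an added example, not part of the Atomia product or its documentation; it lists each role's expiry in days and flags entries that need review. The function name, the one-day review threshold, and the sample fragment (including every role other than Administrators) are assumptions made for illustration.

```powershell
# Constructed sample input. Only the passwordExpirationList / passwordExpiration
# element names and the role / timeInterval attributes come from the page.
$sample = @'
<passwordExpirationList>
  <passwordExpiration role="Administrators" timeInterval="129600"/>
  <passwordExpiration role="Resellers" timeInterval="90"/>
  <passwordExpiration role="Support" timeInterval="abc"/>
  <passwordExpiration role="Administrators" timeInterval="43200"/>
</passwordExpirationList>
'@

# Hypothetical helper: reports per-role expiry and flags suspicious entries.
function Get-PasswordExpiryReport {
    param(
        [Parameter(Mandatory)] [xml] $Config,
        # Assumed threshold: below one day, the value was probably typed in days.
        [int] $MinMinutes = 1440
    )
    $seen = @{}
    foreach ($node in $Config.SelectNodes('//passwordExpirationList/passwordExpiration')) {
        $role    = $node.GetAttribute('role')
        $raw     = $node.GetAttribute('timeInterval')
        $minutes = 0L
        $note    = ''
        if ((-not [long]::TryParse($raw, [ref] $minutes)) -or ($minutes -le 0)) {
            $minutes = 0L
            $note = 'timeInterval is not a positive whole number of minutes'
        } elseif ($minutes -lt $MinMinutes) {
            $note = 'shorter than one day; value may have been entered in days'
        }
        if ($seen.ContainsKey($role)) {
            # More than one entry for the same role makes the effective policy ambiguous.
            $note = ($note, 'duplicate role entry' | Where-Object { $_ }) -join '; '
        }
        $seen[$role] = $true
        [pscustomobject]@{
            Role    = $role
            Minutes = $raw
            Days    = if ($minutes -gt 0) { [math]::Round($minutes / 1440, 2) } else { $null }
            Note    = $note
        }
    }
}

Get-PasswordExpiryReport -Config ([xml] $sample) | Format-Table -AutoSize
```

To check a real installation, pass `[xml](Get-Content -Raw <path to the STS Web.config>)` as `-Config` instead of the sample.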


When working with configuration files in Atomia software, it is important that you edit them through transformation files. Please consult our documentation before editing any configuration files. If the files are edited directly, the changes will be overwritten by any updates to Atomia.

Changing expired password

If a user enters the correct credentials on the login page and the user's password has expired, the user is redirected to the Change password page.

After a successful password change, the user is authenticated and redirected to the control panel.

Good to know

If a user has two-factor authentication enabled, the user is asked to change the expired password after successful two-factor authentication.
