Appboard/2.5/builder/system administration/password policy: Difference between revisions

imported>Doug yeager
No edit summary
imported>Jason.nicholls
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{DISPLAYTITLE:Password Policy}}
{{DISPLAYTITLE:Password Policy}}
[[Category:AppBoard 2.5]]
[[Category:AppBoard 2.5]]
== Overview ==
The Password Policy administration page provides an interface for the AppBoard administrator to view and manage the '''global''' password policy. The product also support per-domain password policies but these must be configured via the enPortal administration interface.
The Password Policy administration page provides an interface for the AppBoard administrator to view and manage the '''global''' password policy. The product also support per-domain password policies but these must be configured via the enPortal administration interface.


To access the Password Policy administration page select the ''System Administration'' builder mode and the ''Password Policy'' icon.
To access the Password Policy administration page select the ''System Administration'' builder mode and the ''Password Policy'' icon.
{{Note|Password policies apply to users managed within AppBoard / enPortal. For LDAP users, or other custom authentication integrations, password management is outside the scope of AppBoard}}




Line 25: Line 24:
Allows for automatic locking of accounts based on inactivity or login failures.
Allows for automatic locking of accounts based on inactivity or login failures.


=== LDAP and Password Policy ===
== Domain Specific Policies ==
<br>
 
When the portal system is backed by an external LDAP; the password policy settings should mirror those defined in your LDAP system. In some cases you will need to configure domain specific policy rules.
Through the main AppBoard administration page it is only possible to configure the global password policy. Switch to the enPortal administration interface to configure per-domain policies. Please note that a Domain policy will take precedence over the global policy.


{{Note|If you are not receiving Password Warnings for expiration in x days, then verify your LDAP Server supports policy controls.  Please ignore this note if you are using ActiveDirectory.}}
== LDAP Authentication ==


Add the following lines to server/webapps/enportal/WEB-INF/config/custom.properties if your LDAP Server does not support Policy controls:
When using external authentication via LDAP the password policy should mirror the policy defined for the LDAP system. It may be more applicable to apply this policy just to the LDAP Domain, refer to the ''Domain Specific Policies'' section above.


''ldap.policyControlSupported=false''
Refer to the [[appboard/2.5/builder/system_administration/ldap|LDAP Configuration]] documentation for more information on configuring LDAP including supported features depending on the LDAP server.

Latest revision as of 08:13, 7 October 2014

Overview

The Password Policy administration page provides an interface for the AppBoard administrator to view and manage the global password policy. The product also support per-domain password policies but these must be configured via the enPortal administration interface.

To access the Password Policy administration page select the System Administration builder mode and the Password Policy icon.


Password Policy administration page


Password Tab

The User Password Change section defines the behaviour of new users in the system and whether previous passwords can be re-used.

The Password Expiration section allows the administrator to define a password expiration at which point the user is forced to change passwords.

Syntax Tab

Allows for conditions to be set around allowed passwords, such as a minimum length, required characters such as digits or upper case letters, etc...

Lockout Tab

Allows for automatic locking of accounts based on inactivity or login failures.

Domain Specific Policies

Through the main AppBoard administration page it is only possible to configure the global password policy. Switch to the enPortal administration interface to configure per-domain policies. Please note that a Domain policy will take precedence over the global policy.

LDAP Authentication

When using external authentication via LDAP the password policy should mirror the policy defined for the LDAP system. It may be more applicable to apply this policy just to the LDAP Domain, refer to the Domain Specific Policies section above.

Refer to the LDAP Configuration documentation for more information on configuring LDAP including supported features depending on the LDAP server.