Password settings

To improve the security of your customer data, you can enforce password settings that apply to every user of the platform who logs in with a username and password.

📘

Note

Please note that these settings do not affect logins with Google or Single Sign-on.

For accounts that have the identity domain enabled, you can set up custom password settings.

You can change it in Settings > Project Settings > Security > Password settings.

We encourage you to set up the following settings:

1. Password history

By filling in the:

  • Previous password, you indicate the number of passwords stored in history that cannot be reused.

By default, a user cannot change their password to the one they are currently using. If you set Previous password to a number, users are additionally prevented from reusing that many of their most recent previous passwords.

🚧

Warning

If you lower the number of passwords stored in the history, the older entries that exceed the new limit are deleted from the history.

2. Password Expiration

On multi-tenant instances you can adjust the default settings; on single-tenant instances you can define your own.

By filling in the:

  • Password expiration, you indicate the number of days after which the user is forced to change their password.
  • Password expiration alert, you indicate the number of days before the due password expiration to notify the user about this mandatory change.
  • Password grace period, you indicate the number of days after the password has expired during which the user can still change their password.
  • Expiration with MFA, you indicate the number of days after which a user with MFA enabled is forced to change their password.

3. Lockout

This setting lets you decide whether a user account is locked automatically after a series of unsuccessful login attempts.

By filling in the:

  • Failed login attempts, you indicate the number of failed login attempts after which the user account will be locked.
  • Lockout threshold, you indicate the number of minutes, counted from the first failed login, after which the failed login attempts counter resets.
  • Lockout duration, you indicate the number of days that must pass before a locked user account is unlocked and the user can attempt to log in again.
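The three lockout fields interact: failures are only counted together while they fall inside the threshold window that opens at the first failure, and reaching the attempt limit locks the account for the configured duration. The following added example (not the platform's own code; the class and field names, the hashing-free account state and the numbers in the policy are all illustrative assumptions) implements that counter logic and runs it over a constructed sequence of login attempts, so you can see a window reset, a lock, a rejected correct password and the eventual unlock.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class LockoutPolicy:
    # Mirrors the three fields on the settings page; the values are illustrative.
    failed_login_attempts: int = 3       # failures that trigger a lock
    lockout_threshold_minutes: int = 10  # window, from the first failure, before the counter resets
    lockout_duration_days: int = 1       # how long the account stays locked (the page states days)


@dataclass
class AccountState:
    failures: int = 0
    window_start: Optional[datetime] = None
    locked_until: Optional[datetime] = None


class LockoutTracker:
    """Assumed server-side state machine; one AccountState per user name."""

    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.accounts: dict[str, AccountState] = {}

    def _state(self, user: str) -> AccountState:
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user: str, now: datetime) -> bool:
        st = self._state(user)
        if st.locked_until is None:
            return False
        if now >= st.locked_until:
            # Lockout duration has passed: unlock and start with a clean counter.
            st.locked_until = None
            st.failures = 0
            st.window_start = None
            return False
        return True

    def record_attempt(self, user: str, password_ok: bool, now: datetime) -> str:
        """Apply one login attempt and report what happened to the account."""
        st = self._state(user)
        if self.is_locked(user, now):
            # A locked account rejects every attempt, even one with the right password.
            return "rejected-locked"
        if password_ok:
            st.failures = 0
            st.window_start = None
            return "ok"
        window = timedelta(minutes=self.policy.lockout_threshold_minutes)
        if st.window_start is None or now - st.window_start >= window:
            # First failure, or the threshold elapsed since the first one: counter restarts at 1.
            st.window_start = now
            st.failures = 1
        else:
            st.failures += 1
        if st.failures >= self.policy.failed_login_attempts:
            st.locked_until = now + timedelta(days=self.policy.lockout_duration_days)
            return "locked"
        return "failed"


def simulate() -> list[str]:
    """Constructed scenario: two failures, a window reset, three failures, a lock, an unlock."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    tracker = LockoutTracker(LockoutPolicy())
    events = [
        (t0 + timedelta(minutes=0), False),          # failure 1, window opens at 09:00
        (t0 + timedelta(minutes=4), False),          # failure 2, inside the 10-minute window
        (t0 + timedelta(minutes=11), False),         # 11 min after the first: counter reset, failure 1 again
        (t0 + timedelta(minutes=12), False),         # failure 2
        (t0 + timedelta(minutes=13), False),         # failure 3 -> locked for 1 day
        (t0 + timedelta(minutes=14), True),          # correct password, still rejected
        (t0 + timedelta(days=1, minutes=14), True),  # lock expired, login succeeds
    ]
    return [tracker.record_attempt("alice", ok, at) for at, ok in events]


if __name__ == "__main__":
    print(simulate())
```

Note that the window is anchored at the first failure, not the most recent one, so a slow attacker who spaces attempts just beyond the threshold never accumulates a lock; pick the threshold with that in mind.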

4. Password complexity

Here you can change the default password complexity. However, if the instance already has instance-wide settings (typically multi-tenant instances), those must still be satisfied; for example, on multi-tenant instances the password must be at least 8 characters.

By filling in the:

  • Minimum length, you indicate the minimum number of characters a password must contain.
  • Required character groups, you indicate the mandatory character groups a password must contain (lowercase/uppercase/numeric/special).

👍

Password complexity

We recommend requiring at least 8 characters.
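The history, expiration and complexity settings above all act on a single password change or login. As an added example (not the platform's own code; the PasswordPolicy fields, the PBKDF2 storage of old passwords and the policy numbers are illustrative assumptions, and the behaviour after the grace period ends is an assumption the page does not specify), the following checker enforces the complexity groups, refuses the current password and the last N previous ones, drops the oldest history entries when N is lowered, and reports where a password sits relative to its expiration, alert and grace windows, with the longer MFA expiration applied to MFA users.

```python
import hashlib
import hmac
import os
from collections import deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class PasswordPolicy:
    # Fields mirror the settings page; the numbers are illustrative, not product defaults.
    previous_passwords: int = 3          # Password history: previous passwords that cannot be reused
    min_length: int = 8                  # Password complexity: minimum length
    required_groups: tuple = ("lowercase", "uppercase", "numeric", "special")
    expiration_days: int = 90            # Password expiration
    expiration_alert_days: int = 14      # Password expiration alert
    grace_period_days: int = 7           # Password grace period
    expiration_with_mfa_days: int = 180  # Expiration with MFA


GROUP_TESTS = {
    "lowercase": str.islower,
    "uppercase": str.isupper,
    "numeric": str.isdigit,
    "special": lambda c: not c.isalnum() and not c.isspace(),
}


def complexity_violations(policy: PasswordPolicy, candidate: str) -> list:
    """Return every complexity rule the candidate breaks (empty list means it passes)."""
    problems = []
    if len(candidate) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    for group in policy.required_groups:
        if not any(GROUP_TESTS[group](c) for c in candidate):
            problems.append(f"missing {group} character")
    return problems


def _hash(password: str, salt: bytes) -> bytes:
    # Assumed storage format: PBKDF2-SHA256, iteration count kept low so the demo runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)


@dataclass
class UserPasswordState:
    policy: PasswordPolicy
    mfa_enabled: bool = False
    current: Optional[tuple] = None                  # (salt, digest) of the current password
    set_at: Optional[datetime] = None
    history: deque = field(default_factory=deque)    # previous (salt, digest) pairs, newest first

    def _matches(self, entry, candidate: str) -> bool:
        salt, digest = entry
        return hmac.compare_digest(_hash(candidate, salt), digest)

    def change_password(self, candidate: str, now: datetime) -> list:
        """Try to set a new password; return the reasons it was refused (empty = accepted)."""
        problems = complexity_violations(self.policy, candidate)
        if self.current and self._matches(self.current, candidate):
            problems.append("same as current password")      # refused regardless of history size
        elif any(self._matches(e, candidate) for e in self.history):
            problems.append(f"reused one of the last {self.policy.previous_passwords} passwords")
        if problems:
            return problems
        if self.current:
            self.history.appendleft(self.current)
        # A lowered history size drops the oldest entries (the warning under Password history).
        while len(self.history) > self.policy.previous_passwords:
            self.history.pop()
        salt = os.urandom(16)
        self.current = (salt, _hash(candidate, salt))
        self.set_at = now
        return []

    def expiration_status(self, now: datetime) -> str:
        days = self.policy.expiration_with_mfa_days if self.mfa_enabled else self.policy.expiration_days
        expires = self.set_at + timedelta(days=days)
        if now < expires - timedelta(days=self.policy.expiration_alert_days):
            return "valid"
        if now < expires:
            return "alert"            # inside the alert window: notify the user of the due change
        if now < expires + timedelta(days=self.policy.grace_period_days):
            return "expired-grace"    # may still log in, but only to change the password
        return "expired-locked"       # assumption: past the grace period an administrator must intervene


def demo() -> dict:
    """Constructed walk-through of history rotation and the expiration windows."""
    t0 = datetime(2024, 1, 1)
    user = UserPasswordState(PasswordPolicy(previous_passwords=2))
    out = {}
    out["weak"] = user.change_password("password", t0)            # no uppercase, digit or special
    out["first"] = user.change_password("Correct-Horse-1", t0)     # accepted
    out["same"] = user.change_password("Correct-Horse-1", t0)      # identical to current
    user.change_password("Battery-Staple-2", t0 + timedelta(days=30))
    user.change_password("Battery-Staple-3", t0 + timedelta(days=60))
    out["reuse"] = user.change_password("Correct-Horse-1", t0 + timedelta(days=61))   # still in last 2
    user.change_password("Battery-Staple-4", t0 + timedelta(days=62))                # pushes it out
    out["rotated"] = user.change_password("Correct-Horse-1", t0 + timedelta(days=63))  # accepted again
    out["status"] = [user.expiration_status(t0 + timedelta(days=63 + d)) for d in (10, 80, 93, 100)]
    user.mfa_enabled = True
    out["status_mfa"] = user.expiration_status(t0 + timedelta(days=163))  # 180-day limit applies
    return out


if __name__ == "__main__":
    print(demo())
```

Keep the history as salted hashes rather than plaintext: the history list is a record of a user's past credentials, and the same password is frequently still live on another service.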