Password Policy

A password policy is a set of rules designed to enhance security by encouraging users to employ strong passwords. Another possible defense against password-guessing attacks is enabling an account-lockout, which means the account will be locked after a specified number of invalid or failed login attempts.

To configure a password policy in OpManager, go to Settings -> Basic Settings -> User Management -> Password Policy.

Minimum password length: Specify the minimum number of characters required in a password. It should be within 5-25 characters.

Enforce password history: Number of unique passwords that must be associated with a user account before re-using an old password.

Password complexity: Level of complexity to be associated with a password.

Simple
1. Minimum characters as specified above
2. Maximum 25 characters

Complex 
1. Minimum characters as specified above
2. Maximum 25 characters
3. Minimum 1 uppercase, 1 lowercase and 1 special character (! ~ @ # $ % ^ & + = _ *).

Password should not be same as username: Enable this to option to prevent duplication of a username in the password. 

User Account Lockout Policy: The User Account Lockout setting allows the administrator to lockout accounts after a specified number of invalid login attempts. A locked out account cannot be used until reset by an administrator or until the account lockout duration has expired. For instance, if invalid credentials have been provided for over 5 times, the account will be locked out for 2 mins. This lockout interval and the number of bad login attempts can be configured.

Maximum invalid login attempts: Specify the maximum invalid login attempts before an account gets locked out.

Lockout period: Specify the lockout duration in minutes. 

Authorize AD group Users

User Group Details:

  1. Select AD Domain: Click on the drop down menu and select the desired AD domain from the list of available domains or Click Add Domain to add a new domain.
  2. Domain Controller: Update/provide the name of the AD domain controller. The domain controller name gets loaded automatically, once you select an existing AD domain.
  3. Enabling auto login: You can allow "All Users" (or) "Users from Selected Groups" under the chosen AD domain to access OpManager using their AD credentials. If you have chosen Selected Groups, provide the list of group names that require full or read-only access control. In case if the same user exist in both groups with read only and full control user permissions. The user with read only permission gets the preference over the other.

Access Details:

  1. User Permissions: Select "Full Control" to provide complete read/write control to the user to monitor resources using OpManager. Select "Read Only Access" if the user is allowed only to view the resources.
  2. Select the Social IT Plus Account check box to enable the user to access Social IT page
  3. Click Save.
Note: The password policy is applicable only to local users. We do not have any control over the AD and radius user passwords. Their password policies completely depend on the respective AD and Radius server settings.