Password Policies

Password policies help you define the structure and complexity of passwords to be used. You can either make use of the predefined policies or create new policies to suit the needs of your organization. Once you define the policy, PAM360 enforces that policy and reports on violations. The inbuilt password generator will generate passwords based on the policy defined.

Password policy for PAM360 can be centrally managed from the Admin tab, Admin >> Resource Config >> Password policies. By default, PAM360 lists four policies and these policies cannot be edited or deleted. The default policies are:

  • Low - Password with less strict constraints.
  • Medium - Password with few strict constraints.
  • Strong - Password with strict constraints.
  • Offline password file - Policy for offline password access.

Apart from the default policies, you can also create your own password policy based on your requirements.

To customize password policy,
  • Navigate to Admin >> Resource Config >> Password policies.
  • You can select any of the policy as default policy by selecting the "set as default" icon against the desired policy.
  • After setting default policy, if a user tries to change the password, the default policy will be enforced and the user will be forced to enter a password as per the policy.
To create your own password policy
  • Navigate to Admin >> Resource Config >> Password policies.
  • Click Add policy.
  • A pop up form will appear. In that form enter the policy name and the other details like policy description, maximum and minimum length of the password, maximum password age. Specify if mixed case, special characters, numerals are to be enforced.
  • Click Save.
To apply password policy to resources in bulk
  • Navigate to Resources tab.
  • Select the resources for which you wish to apply the same password policy.
  • Click the link Associate Password policy from Resource Actions list present in the Resources tab.
  • In the pop-up form that appears, select the Password policy to be applied to the chosen resources from the drop down and Click Save.

After the completion of selection of password policy, the chosen password policy will be applied to all the selected resources in bulk. In case, any of the chosen resources had already been with a password policy, this action would simply overwrite the previous policy.

Enforce password policy during resource/account creation

In normal scenarios, PAM360 can check the passwords stored in the repository for compliance to the policy specified and report violations. If you want to enforce the password policy at the time of creation itself, you need to switch on a configuration in "General Settings".

General settings

The general settings lists the following options:

  • Password retrieval
  • Password reset
  • Resource / password creation
  • Resource group management
  • Notifications
  • User management
  • High availability
  • Personal passwords
  • Usage statistics collection
  • Security settings
To enforce password policy from general settings,
  • Navigate to Admin >> Settings >> General settings.
  • In the UI that opens with a list of options, select Resource / Password creation from the left pane.
  • By default password policy gets enforced only at the time of password change. If you wish to enforce policy compliance at the time of resource or account addition itself, then click the checkbox Enforce password policy during resource or password creation.
  • Once you click this, you will be permitted to add your resource or account only if the password is in accordance with the policy defined.

©2019, ZOHO Corp. All Rights Reserved.