Class has the following default password management configuration:
|Password Policy Options||Field Validation|
|Minimum Password Length
Minimum length of a user password.
Minimum strength of a password in terms of the character sets that are used to construct the password.
|At least 3 of the following:
|Maximum Password Age
The period of time after which a user is required to change their password.
|Password Change on First Login
A user issued an initial password (e.g. by Class support), which is forced to change the password on the first Iogin to the system.
|Password History Requirements
Enforce password uniqueness by remembering previous passwords.
|No history requirements are enforced|
|Account Lockout Threshold
The number of failed password entries before account lockout
|Reset Account Lockout counter
The period over which failed password entries are tallied towards account Lockout. The counter also reset on lockout of the account
|Account Lockout Duration
The duration of account lockout before being automatically re-enabled. Class support also has a process to manually re-enable the account.
|locked out for 10 minutes|
|Password Uniqueness on First Login
Users are issued with a unique value password that is required to be reset immediately after Its first use (to access the system).
|One-use invitation, then asked to set their own password|
Class Password Complexity
Clients wishing to customise Class's default password management have the option to use an external identity provider that supports the OpenID connect protocol. This approach has the added benefit of providing an overall better user experience.
- We do not support external user provisioning. The user must still be entered into Class, and all permission granting is performed within Class. The identity provider is used for identity/ authentication only.
- We ONLY support OpenID Connect. We do not support SAML or WS Federation protocols.