Policy Server Guides › Policy Server Configuration Guide › Password Policies › Configure Password Expiration

Configure Password Expiration

You configure password expiration settings to define events, that when triggered, the Policy Server disables the user account and optionally redirects the user to a new Web page. Examples of such events include multiple failed login attempts and account inactivity.

Note: Expiration settings are optional. If you do not want to enable an expiration setting, leave the respective fields blank.

To configure password expiration

1. Click the Expiration tab.

   Password expiration settings open.

   Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

2. Specify user login tracking settings by selecting the Track successful logins, Track failed logins, and Authenticate on Login Tracking Failure check boxes in the Expiration group box.

   Note: You must select the Track successful logins check box if you want to disable accounts based on account inactivity. You must select the Track failed logins check box if you want to disable accounts based on failed login attempts.

3. Specify the settings that determine how often a password must be changed in the Password expires if not changed group box.
4. Specify the settings that determine how many incorrect password attempts are permitted in the Incorrect Password group box.
5. Specify the settings that determine how long a password can remain inactive in Password expires from inactivity group box.

   Note: If you do not need to configure passwords to expire from inactivity, we recommended that you do not set this option for performance reasons.

6. Click Submit to save the password policy or click another tab to continue working with the password policy.