JumpCloud offers the ability for the administrator to control the level of complexity of the passwords users must create for themselves. These settings will govern the user account and all resources the account has access to, ranging from the JumpCloud user portal to their desktop access. Password Complexity Management enables you to create and enforce the use of strong passwords in order to better protect your organization. Password Complexity Builder replaces the previous Windows and PCI User Passwords functionality as of April 30, 2015. For more details regarding PCI compliant password settings, see requirement 8 in the PCI DSS v3.2 document.
- Set the minimum number of characters the password must be.
- Set the number of times a user may have failed login attempts before locking the account from access. Account lockout is triggered from and will lock the user out of:
- User Console
- System endpoints
- Authentication APIs
- Lockout will not affect G Suite or Office 365 to accommodate self service password reset via email.
Upon saving changes to the password settings that increase complexity of a user's password, a confirmation window "Apply New Password Requirements" will be displayed before committing changes. This will present you with two separate options on how you would like the change to take effect:
- Here you can specify a date and time that your users will be required to change their password and meet the new complexity requirements. If the user does not reset their password by this time, the user will be locked out until a password reset is performed.
- - With this setting, users will not be required to change their password and meet the new password complexity requirements until the password expiration period discussed above is met.
Note that when a password expiration is configured, or the password complexity is increased and Option 1 is selected per the "Increasing Password Complexity" section above, the Administrator will see 'Password Expired' for all users within the directory:
Additionally, JumpCloud Users have their own portal to manage their information, including passwords. Active Users (with non-expired passwords) can visit their portal at https://console.jumpcloud.com to manage their information. Setting a new password in the User Portal is done by clicking into the password field, creating, then confirming the new password as follows:
Administrative 'service' accounts such as an LDAP Bind User often managed in the directory can and should have their passwords reset by the administrator directly within the administrative view of the user's details.
- Existing customers (prior to April 30th 2015 release) will see the pre-existing Windows/PCI password setting toggle within the 'General' tab. Upon first use of Password Complexity Builder, and making/saving changes, the old Windows/PCI system will be deprecated automatically. You will move forward using Password Complexity Builder in the new Security section of Settings.