TLS 1.0 will be deprecated in JumpCloud on 6/18/2018. More info.

Support Center

Password Complexity Management

Password Complexity Management

JumpCloud offers the ability for the administrator to control the level of complexity of the passwords users must create for themselves. These settings will govern the user account and all resources the account has access to, ranging from the JumpCloud user portal to their desktop access. Password Complexity Management enables you to create and enforce the use of strong passwords in order to better protect your organization. Password Complexity Builder replaces the previous Windows and PCI User Passwords functionality as of April 30, 2015. For more details regarding PCI compliant password settings, see requirement 8 in the PCI DSS v3.2 document.

To Configure Password Complexity:
  1. In the Administrative Dashboard go to Settings from the left-hand navigation.
  2. Click the Security tab within Settings as seen here:

Password Complexity Definitions:
  • Minimum Length: Set the minimum number of characters the password must be.
  • Complexity: Increase security by selecting a minimum of 3 of the various complexity settings.  
  • Originality: Prevent the user from inserting their account username within the password.
Password Aging: 
  • Define the number of passwords (up to 5) recently used before the user can re-use a password. 
  • Set a number of days for when the password will expire and force the user to create a new password. The date the user passwords will expire is N days from the time the setting was last changed/saved, where N is the number of days specified in the setting.

  • Set the number of times a user may have failed login attempts before locking the account from access.  Account lockout is triggered from and will lock the user out of:
    • User Console
    • System endpoints
    • Authentication APIs
  • Lockout will not affect G Suite or Office 365 to accommodate self service password reset via email.
Increasing Password Complexity:

Upon saving changes to the password settings that increase complexity of a user's password, a confirmation window "Apply New Password Requirements" will be displayed before committing changes.  This will present you with two separate options on how you would like the change to take effect:
  1. Enforce Password Reset at Specific Date and Time - Here you can specify a date and time that your users will be required to change their password and meet the new complexity requirements.  If the user does not reset their password by this time, the user will be locked out until a password reset is performed.
  2. Enforce Password Reset on Next Password Change - With this setting, users will not be required to change their password and meet the new password complexity requirements until the password expiration period discussed above is met.

Administrator User Password Expiration Experience

Note that when a password expiration is configured, or the password complexity is increased and Option 1 is selected per the "Increasing Password Complexity" section above, the Administrator will see 'Password Expired' for all users within the directory:

End User Password Changing Experience 

When a password becomes non-compliant, a User managed in JumpCloud will be issued an email directly to set their password. They will follow the instructions and click through to the web page to reset their password. They will be reminded of the newly implemented password complexity settings as follows:

Additionally, JumpCloud Users have their own portal to manage their information, including passwords. Active Users (with non-expired passwords) can visit their portal at to manage their information. Setting a new password in the User Portal is done by clicking into the password field, creating, then confirming the new password as follows:

LDAP Bind DN and Other Service Accounts:
Administrative 'service' accounts such as an LDAP Bind User often managed in the directory can and should have their passwords reset by the administrator directly within the administrative view of the user's details. 

Password Complexity Builder Usage Notes:
  • Existing customers (prior to April 30th 2015 release) will see the pre-existing Windows/PCI password setting toggle within the 'General' tab. Upon first use of Password Complexity Builder, and making/saving changes, the old Windows/PCI system will be deprecated automatically. You will move forward using Password Complexity Builder in the new Security section of Settings. 

Last Updated: Feb 28, 2018 12:38PM MST

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found