Support Center

Security Settings

Password Complexity Management

JumpCloud’s password complexity settings give administrators the option to control the level of complexity of the passwords users create for their JumpCloud accounts. The user account password governs access to not only the JumpCloud user account, but also to all resources the account has access to, such as computers and SSO applications. You can create and enforce the use of strong passwords across your organization to help protect your org and its users from hackers and security breaches.

There are various guidelines for password complexity and compliance. Be sure to enforce password complexity requirements that adhere to your org’s security policy standards. For details about PCI compliant password settings, see requirement 8 in the PCI DSS v3.2.1 document. For details about NIST password guidelines, see section 4 of NIST Special Publication 800-63B.


If you integrate Office 365 with JumpCloud, we recommend that you consider Office 365's complexity settings for account passwords as you set complexity settings for JumpCloud account passwords. Specifically, consider that Office 365 requires password lengths between 8 and 16 characters. If your users attempt to create passwords with more than 16 characters, there may be issues replicating that password in Office 365. Consult Microsoft's documentation for all of Office 365's account password complexity requirements.

To configure password complexity:
  1. Log in to the JumpCloud Admin Portal:
  2. Go to Settings, then click the Security tab.
  3. Select options from the Complexity section.
  4. Click save changes.
Password Settings:
  • Minimum Length: Set the minimum number of characters required.
  • Complexity: Optionally, select one or more password complexity requirements to apply to all user passwords in the organization. When you select a complexity, organization users aren't able to create a password that doesn't adhere to the selected complexity.
  • Originality: Prevent the user from inserting their username in the password.
  • Maximum Length: Currently, password length can't be limited to a certain number of characters. 
Password Aging: 
  • The number of new, unique passwords a user has to create before one they can reuse a previous password. You can specify a number between 1 and 10. 
  • Set a number of days after which the password will expire and force the user to create a new password. The date the user password expires is N days from the time the setting was last changed/saved, where N is the number of days specified for the setting.
  • Users will receive one email a day for 7 days leading up to expiration requesting a password reset.
  • Individual users can be exempted from password expiration, see Getting Started: Users
  • If a password expires, users are locked out of all endpoints, including email. Admin assistance is required to restore the account. See Unlock User Accounts.
  • Set the number of times a user may have failed login attempts before locking the account from access.  Account lockout is triggered from and will lock the user out of:
    • User Console
    • System endpoints
  • Lockout will not affect G Suite or Office 365 to accommodate self-service password reset via email.
  • After a user account is locked due to failed login attempts, admin assistance is required to restore the account. See Unlock User Accounts.
Changing Password Complexity:

When you change the complexity requirements, a confirmation window, Apply New Password Requirements appears before you commit changes. 
  1. Enforce Password Reset at Specific Date and Time - Specify the date and time users will be required to change their password and meet the new complexity requirements.  If the user does not reset their password by this time, the user will be locked out until a password reset is performed.
  2. Enforce Password Reset on Next Password Change - Users will not be required to change their password and meet the new password complexity requirements until the next password change.


Last Updated: May 09, 2019 09:23AM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found