Legacy RADIUS server IPs will be deprecated on Jan 31, 2019. Please see this KB for more info.

Support Center

Security Settings

Password Complexity Management

JumpCloud offers the ability for the administrator to control the level of complexity of the passwords users must create for themselves. These settings will govern the user account and all resources the account has access to, ranging from the JumpCloud user portal to their desktop access. Password Complexity Management enables you to create and enforce the use of strong passwords in order to better protect your organization. Password Complexity Builder replaces the previous Windows and PCI User Passwords functionality as of April 30, 2015. For more details regarding PCI compliant password settings, see requirement 8 in the PCI DSS v3.2 document.

To Configure Password Complexity:
  1. In the Administrative Dashboard go to Settings from the left-hand navigation.
  2. Click the Security tab within Settings as seen here:

Password Settings:
  • Minimum Length: Set the minimum number of characters required.
  • Complexity: Three out of 4 complexity options must be enabled.  
  • Originality: Prevent the user from inserting their username within the password.
  • Maximum Length: Cannot be limited or capped at this time. 
Password Aging: 
  • The number of passwords (up to 10) used before one can be re-used. 
  • Set a number of days for when the password will expire and force the user to create a new password. The date the user password will expire is N days from the time the setting was last changed/saved, where N is the number of days specified in the setting.
  • Users will receive one email a day for 7 days leading up to expiration requesting a password reset
  • Individual users can be exempted from password expiration, see Getting Started: Users
  • If a password expires, users are locked out of all endpoints, including email. Admin assistance is required to restore the account
  • Set the number of times a user may have failed login attempts before locking the account from access.  Account lockout is triggered from and will lock the user out of:
    • User Console
    • System endpoints
  • Lockout will not affect G Suite or Office 365 to accommodate self-service password reset via email.
Changing Password Complexity:

When changing the complexity requirements, a confirmation window "Apply New Password Requirements" will be displayed before committing changes. 
  1. Enforce Password Reset at Specific Date and Time - Specify the date and time users will be required to change their password and meet the new complexity requirements.  If the user does not reset their password by this time, the user will be locked out until a password reset is performed.
  2. Enforce Password Reset on Next Password Change - Users will not be required to change their password and meet the new password complexity requirements until the next password change.


Last Updated: Sep 06, 2018 03:44PM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found