Displaying Password Complexity Rules
You can display password complexity rules when users are prompted to change an expired password:
- This helps to reduce failed password reset attempts due to unknown complexity requirements.
- As users type a new password, the password complexity requirements are validated automatically to show which requirements have been met.
Displaying password complexity rules requires that the Active Directory minimum password age be set to 0 days.
Setting the value to zero prevents password reset failures that can otherwise occur even when the new password meets the complexity requirements.
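One way to confirm the minimum password age before enabling the feature, as an added example that is not part of the Imprivata documentation. It assumes the RSAT ActiveDirectory PowerShell module and read access to the domain; the function name `Get-MinPasswordAgeReport` is hypothetical, and the example goes beyond the text by also listing fine-grained password policies, which the page does not mention and whose relevance to a given deployment is an assumption.

```powershell
# Added example: report the minimum password age from Active Directory.
# Assumes the ActiveDirectory module (RSAT) is installed on this machine.
Import-Module ActiveDirectory

function Get-MinPasswordAgeReport {
    $rows = @()

    # Default domain password policy.
    $default = Get-ADDefaultDomainPasswordPolicy
    $rows += [pscustomobject]@{
        Policy            = 'Default domain policy'
        Precedence        = $null
        MinPasswordAge    = $default.MinPasswordAge
        ComplexityEnabled = $default.ComplexityEnabled
        MinPasswordLength = $default.MinPasswordLength
        HistoryCount      = $default.PasswordHistoryCount
    }

    # Fine-grained password policies can carry their own minimum age.
    # Reading them may be denied to non-administrative accounts.
    try {
        foreach ($pso in Get-ADFineGrainedPasswordPolicy -Filter * -ErrorAction Stop) {
            $rows += [pscustomobject]@{
                Policy            = $pso.Name
                Precedence        = $pso.Precedence
                MinPasswordAge    = $pso.MinPasswordAge
                ComplexityEnabled = $pso.ComplexityEnabled
                MinPasswordLength = $pso.MinPasswordLength
                HistoryCount      = $pso.PasswordHistoryCount
            }
        }
    } catch {
        Write-Warning "Fine-grained policies could not be read: $($_.Exception.Message)"
    }

    # MinPasswordAge is a TimeSpan; the page requires it to be 0 days.
    $rows | Select-Object *, @{
        Name = 'ZeroMinAge'; Expression = { $_.MinPasswordAge -eq [timespan]::Zero }
    }
}

$report = Get-MinPasswordAgeReport
$report | Format-Table -AutoSize

$nonZero = $report | Where-Object { -not $_.ZeroMinAge }
if ($nonZero) {
    Write-Warning "Minimum password age is not 0 days in: $($nonZero.Policy -join ', ')"
}
```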
The following details where password complexity rules are supported:
- Password complexity rules are retrieved from Active Directory only.
- Rules are displayed only on Windows single-user computers and shared-kiosk workstations.
- Rules appear only when users are prompted to change an expired password; they do not appear during user-initiated password resets.
You can enable or disable this functionality as required. By default, it is enabled for new enterprise deployments and disabled for upgraded environments.
To manage password complexity display settings:
- In the Imprivata Admin Console, go to the gear icon menu > Settings page.
- Go to the Domain password section and either select or deselect Display rules for active directory password policy enforcement.
- Click Save.
The Imprivata agent cannot validate some rules, for example password history/age requirements or a custom Active Directory password filter, until the password is submitted. In these cases, you can use a configurable error message to provide additional feedback to users.
To configure the message:
- In the Imprivata Admin Console, go to the gear icon menu > Settings page.
- Go to the Domain password section and enter a custom error message in Self-Service Password change failure error message.
  NOTE: To reset the message to the default value, click the text field and then click X.
- Click Save.