Did you know: You can enforce granular password policies for different users in the same AD domain

Did you know: You can enforce granular password policies for different users in the same AD domain

When sensitive information needs to be protected, user's compliance to stringent password policies becomes a necessity. The default domain password policy provides neither the flexibility to apply different rules for different users nor enough complexity rules to construct a strong password policy.


How convenient would it be if you could enforce different password policies for users with different  privileges such as IT admins, finance staff, managers, non-IT staff, etc.


ADSelfService Plus' password policy enforcer effectively combats this issue by allowing you to enforce a granular password policy for specific OU/group, within a domain.

With a wide range of options for complexity rules provided by ADSelfService Plus, such as dictionary rule and pattern rule, password security is uncompromised.


Steps to Configure Granular Password Policy:

      

             1. Navigate to Configuration ---> Self-Service ---> Password Policy Enforcer
             2. Select the Policy
             3. 
Enable  Enforce Custom Password policy
             4. Set the complexity requirements for the new password.
             5.
  Now, choose the following options, for your custom password policy.
  •               Password must satisfy at least 'x' of the above complexity requirements:  This ensures that a minimum number of complexity rules are met.
  •             Enforce this policy in GINA/CP (Ctrl+Alt+Del) screen and ADUC Password resets through Password Sync Agent: This ensures that the custom password policy you've created using ADSelfService Plus is enforced during password reset operation in ADUC and password change operation in Ctrl+Alt+Del screen. 
  •             Show this policy requirement in Reset and Change Password pages: The rules from the custom password policy that you've created is displayed in the reset and change password pages instead of the domain password policy.
                6.  Click  Save  to finish the configuration.

What’s better?   By enabling ADSelfService Plus' password synchronizer feature, you can have a universal password policy governing both your on-premises Active Directory and cloud-based apps including Office 365, Google Apps and Salesforce.  

                New to ADSelfService Plus?