By Greg Keller Posted May 18, 2015
New for JumpCloud Administrators is the introduction of Password Complexity Builder. Replacing the product’s Windows/PCI Password compliancy toggle, PCB provides extreme flexibility enabling you to create and enforce the use of strong passwords to better protect your organization.
JumpCloud offers the ability for the administrator to control the level of complexity of the passwords users must create for themselves. These settings will govern the user account and all resources the account has access to, ranging from the JumpCloud user portal to their desktop access. Password Complexity Management enables you to create and enforce the use of strong passwords in order to better protect your organization. Password Complexity Builder replaces the previous Windows and PCI User Passwords functionality as of April 30, 2015.
To Configure Password Complexity:
In the Administrative Dashboard, go to Settings in the main navigation tree, and then the Security tab within Settings as seen here:
Password Complexity Definitions:
- Minimum Length: Set the minimum number of characters the password must be.
- Complexity: Increase security by selecting a minimum of 3 of the various complexity settings.
- Originality: Prevent the user from inserting their account username within the password.
- Password Aging:
- Define the number of passwords (up to 5) recently used before the user can re-use a password
- Set a number of days for when the password will expire and force the user to create a new password
- Provide a time frame in number of days before the date of expiry that the system will send the user a reminder email to change their password as their password will be expiring.
Password Complexity Builder Usage Notes:
- Existing customers (prior to April 30th 2015 release) will see the pre-existing Windows/PCI password setting toggle within the ‘General’ tab. Upon first use of Password Complexity Builder, and making/saving changes, the old Windows/PCI system will be deprecated automatically. You will move forward using Password Complexity Builder in the new Security section of Settings.
- Making changes to the password settings that increase complexity of a user’s password will require users to re-set their password immediately. The administrator making changes within the Password Complexity Builder will be issued this screen to acknowledge. End users will be emailed instructions to change their password due to the new password strength requirements:
- The Administrator will see ‘Password Expired’ for all users within the directory:
End User Password Changing Experience
When a password becomes non-compliant, a User managed in JumpCloud will be issued an email directly to set their password. They will follow the instructions and click through to the web page to reset their password. They will be reminded if they are out of compliance when creating a password as follows:
Additionally, JumpCloud Users have their own portal to manage their information, including passwords. Active Users (with non-expired passwords) can visit their portal at https://console.jumpcloud.com to manage their information. Setting a new password in the User Portal is done by clicking into the password field, creating, then confirming the new password as follows:
LDAP Bind DN and Other Service Accounts:
Administrative ‘service’ accounts such as an LDAP Bind User often managed in the directory can and should have their passwords reset by the administrator directly within the administrative view of the user’s details.