Password Expiry & Lockout Policy Changes

Written by Zach DeMeyer on June 16, 2019


A common hurdle in an IT admin’s day-to-day workflow is user password reset tickets. What can be more irritating, however, is when a user’s password isn’t reset and expires, potentially locking them out of critical resources. With JumpCloud®, this event can be even more shocking, as a set of JumpCloud credentials authenticates user access to virtually all of their IT resources.

In order to combat lockout, we’ve recently made some improvements to JumpCloud’s password expiration policy and account lockout behavior. These changes are designed around improving overall password expiration visibility and ease of reset. We believe that these improvements should ultimately make it easier for end users to understand their password is about to expire, as well as expedite the recovery of their password in the case that it has expired.

Password Expiration Updates

Expiry Notification in User Portal

New to the JumpCloud User Portal is a dismissible prompt that is automatically generated 7 days before a user’s password is slated to expire. Users will see the prompt in a new window each time they log into User Portal, informing them that they should update their password before it expires.

Users can update their password directly within the prompt, through the JumpCloud Mac system application, or later in the User Portal itself. They can also dismiss the prompt and change their password at another time, but they will continue to see the prompt until the password is reset. Once their password has been updated, they will no longer see the prompt.

Forced Password Reset

In addition to the default notification of password expiration in User Portal, admins can configure a new optional setting, found in the Password Settings section of the Security tab, that forces users to update their password ahead of expiration. When set, users are presented with a screen that is not dismissible, requiring them to update their password upon entering the User Portal.


In an effort to make password recovery easier, we no longer remove local user accounts from FileVault™ when a password has expired. This change is intended to help ensure that users are able to self-recover on managed Mac systems.

More Features Coming Soon

The following features are slated to be released within the coming weeks, which should help to finalize our password expiry updates, creating the best possible experience for users with expired passwords.

Forced Reset

After a user’s password expires, they will automatically be prompted to immediately reset their password upon entering the User Portal without the need for admin configuration. Users will be prevented from taking any further action in the Portal until the password is reset.

Password Expiration Configuration in the API

Admins will be able to use the JumpCloud API to customize their organization’s password expiration and lockout behaviors to meet their organization’s needs. These options include configurations for LDAP, RADIUS, and G Suite™ endpoints.

More Information

JumpCloud is dedicated to delivering the best possible experience for admins and their end users. If you have any questions about these updates regarding password expiration and lockout, please contact us. We would be happy to assist you.



Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.
