![\"\"](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/07\/Password-is-going-to-expire.jpg\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/07\/6-days-for-password-expiration.jpg\")
<\/figure>\n\n\n\n- \n
- A daily notification will appear to a user on a managed device with the JumpCloud tray app (Windows and macOS users only) nudging them to use the app to reset their password. This will start within 10 days prior to their password expiration. This looks slightly different on Macs and Windows.<\/li>\n<\/ul>\n\n\n\n
![\"\"](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/07\/JumpCloud-Agent-App.jpg\")
<\/figure>\n\n\n\n![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\")
<\/p><\/div>Important:<\/strong> \nLinux users do not have a tray app, and will need to change their password locally on their device. If their password expires before they update their password locally, they will not be able to log in to their device. Admins will need to manually reset the user’s password from the Admin Portal.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
Reviewing Expiration Settings<\/h3>\n\n\n\n
Before enforcing any form of password expiration, there are a few settings that should be reviewed to ensure that expiration will not have undesired consequences on managed resources.<\/p>\n\n\n\n
- \n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- Go to\u00a0Settings > Security<\/strong> and find the Password Settings > Password Aging<\/strong>\u00a0section:
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/settings-security-password-settings-aging.png\")
\n- \n
- Review the first setting for most recent passwords cannot match each other (limit historical reuse)<\/strong>. It’s recommend this be enabled with a value of at least 1.<\/li>\n\n\n\n
- Determine if you want to enable the Allow password change after expiration <\/strong>setting. When passwords expire, access to resources through JumpCloud will be disrupted. This option allows users a path to self-recover from an expired password upon login to their User Portal or managed device.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Go to the\u00a0Password Configurations\u00a0<\/strong>section:
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/settings-security-password-configurations.png\")
\n- \n
- For any configured instances of Google Workspace, M365\/Entra ID, RADIUS, or LDAP, ensure the desired settings are selected for Password Expiration. These settings will determine if users are maintained, removed, disabled, or have access removed when passwords expire. Take into consideration if you want user email accounts suspended and emails bounced while passwords are expired, or if Wi-Fi access should be cut off from the device the user is logged in to.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Click\u00a0Save\u00a0<\/strong>when finished.<\/li>\n<\/ol>\n\n\n\n
Initiating a Reset within a Limited Timeframe<\/h3>\n\n\n\n
This is a good option if there is a desire to enforce a reset, but urgency allows for this reset to take place within a prescribed timeframe. Providing a window of time for users to perform a reset can be less disruptive to productivity and distribute the potential admin remediation should a user experience confusion or challenges with the reset.<\/p>\n\n\n\n
- \n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- Navigate to\u00a0Settings\u00a0<\/strong>>\u00a0Security\u00a0<\/strong>and scroll down to the\u00a0Password Settings > Password Aging<\/strong>\u00a0section.<\/li>\n\n\n\n
- If not yet enabled, enable the days until password expiration<\/strong> setting and update the number of days that you\u2019d like to allow for your organization to reset all passwords. <\/li>\n\n\n\n
- Determine if you want to enable the days prior to password expiration, require password reset at login<\/strong> setting for a certain number of days prior to expiration. This is the same prompt that all users receive prior to expiration, but is not dismissible, thus a nice way to ensure users don\u2019t delay a reset in the days leading up to expiration. <\/li>\n\n\n\n
- Click Save <\/strong>when finished.<\/li>\n<\/ol>\n\n\n\n
Initiating a Reset Immediately<\/h3>\n\n\n\n
This method of initiating reset will be far more disruptive to active users within an organization and will also ensure that compromised passwords are no longer active. Please consider the urgency of action appropriate to the identified vulnerability.<\/p>\n\n\n\n
When passwords expire, users will lose access and their account status will be updated on all JumpCloud managed resources. This may include access to emails that can notify them of expiration, communication applications commonly used to recover users, devices, and networks those devices are connected through.<\/p>\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/warning-icon.png\")
<\/p><\/div>Warning:<\/strong> \nLinux users will be logged out of their device and require admin intervention to restore their access.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
If opting to force a reset via expiring passwords immediately, consider if you would like users to be able to self-recover from this expiration. The Allow password change after expiration<\/strong> setting, when enabled, will allow users to use their expired password to enter a reset flow in the JumpCloud User Portal or a managed device at login.<\/p>\n\n\n\n
- \n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- Go to\u00a0USER MANAGEMENT<\/strong>\u00a0>\u00a0Users<\/strong>.<\/li>\n\n\n\n
- Select the users needing a password reset.<\/li>\n\n\n\n
- From the\u00a0More Actions <\/strong>menu, select\u00a0Force Password Change<\/strong>.
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/user-mgmt-users-force-password-change.png\")
<\/li>\n\n\n\n- Review the Force Password Change confirmation modal and if correct, click\u00a0Force Change.<\/strong>
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/force-password-change-confirmation.png\")
<\/li>\n<\/ol>\n\n\n\nResetting Passwords using a Reset Request<\/h2>\n\n\n\n
If there isn\u2019t great urgency, requesting a reset of passwords is the least disruptive option for initiating an org-wide reset. While protecting productivity, when a request isn\u2019t disruptive, it also tends to be less effective in prompting users to take action, so this is not a recommended path of remediation if there is a concern that passwords may be compromised.<\/p>\n\n\n\n
Sending an Admin-specified Reset Request<\/h3>\n\n\n\n
There is a way to send a password reset request through the JumpCloud Admin Portal that comes in the form of an email to each user’s company email address. The user follows a link in the email to a reset form that requests a new password and a confirmation of that password. This is a simple flow, but as mentioned above, users may be rightfully skeptical of the request if they aren\u2019t expecting it\u2014if you decide to use this method, we suggest letting users know in advance to expect the email from JumpCloud. <\/p>\n\n\n\n
- Go to\u00a0USER MANAGEMENT<\/strong>\u00a0>\u00a0Users<\/strong>.<\/li>\n\n\n\n
- Navigate to\u00a0Settings\u00a0<\/strong>>\u00a0Security\u00a0<\/strong>and scroll down to the\u00a0Password Settings > Password Aging<\/strong>\u00a0section.<\/li>\n\n\n\n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- Determine if you want to enable the Allow password change after expiration <\/strong>setting. When passwords expire, access to resources through JumpCloud will be disrupted. This option allows users a path to self-recover from an expired password upon login to their User Portal or managed device.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Go to\u00a0Settings > Security<\/strong> and find the Password Settings > Password Aging<\/strong>\u00a0section:
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/user-mgmt-users-resent-email.png\")
<\/li>\n\n\n\n![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/07\/jumpcloud-password-reset-email.png\")
<\/li>\n<\/ol>\n\n\n\n