Password Complexity Management

JumpCloud’s password complexity settings give administrators the option to control the level of complexity of the passwords users create for their JumpCloud accounts. The user account password governs access to not only the JumpCloud user account, but also to all resources the account has access to, such as computers and SSO applications. You can create and enforce the use of strong passwords across your organization to help protect your org and its users from hackers and security breaches.

There are various guidelines for password complexity and compliance. Be sure to enforce password complexity requirements that adhere to your org’s security policy standards. For details about PCI compliant password settings, see requirement 8 in the PCI DSS v3.2.1 document. For details about NIST password guidelines, see section 4 of NIST Special Publication 800-63B.

To configure password complexity:
  1. Log in to the JumpCloud Admin Portal:
  2. Go to Settings, then click the Security tab.
  3. Select options from the Complexity section.
  4. Click save changes.
Password Settings:
  • Minimum Length: Set the minimum number of characters required.
  • Complexity: Optionally, select one or more password complexity requirements to apply to all user passwords in the organization. When you select a complexity, organization users aren't able to create a password that doesn't adhere to the selected complexity.
  • Originality: Prevent the user from inserting their username in the password.
  • Maximum Length: Currently, password length can't be limited to a certain number of characters. 
Password Aging: 
  • The number of new, unique passwords a user has to create before they can reuse a previous password. You can specify a number between 1 and 10.
  • Set a number of days after which the password will expire and force the user to create a new password. The date the user password expires is N days from the time the setting was last changed/saved, where N is the number of days specified for the setting. 

    When this option is enabled, users will receive one email a day for 7 days leading up to expiration requesting a password reset. When users click the Reset Password button in the email, they are given a way to update their password that is specific to the system they are using. If JumpCloud detects the user is on a Mac system, they are shown a page that directs them to change their password in the JumpCloud Mac app. If JumpCloud detects the user is on a Mac or Linux system, they are taken to the User Password Reset page.

  • If you choose to have passwords expire, you can:
    • Require that users reset their passwords when they log in to the User Portal for [N] days before their password expires. The default number is 10 days. If this option is selected, users are shown the password change prompt for the 10 days prior to their password expiring. This modal can’t be dismissed.
    • Require that users reset their passwords when they log in to the User Portal for the [N] days after their passwords expire. The default number is 10 days. If this option is selected, users are allowed to log in to the User Portal using expired credentials and are shown the password change prompt for the 10 days after their password expires. This modal can’t be dismissed.

      Important: Users on JumpCloud managed Mac systems are strongly encouraged to update their passwords in the JumpCloud Mac app to keep their JumpCloud password in sync with Keychain and FileVault. This option encourages users to change their password in the User Portal, which would require a system restart to sync passwords on Mac systems. Use care when selecting this option and educate your Mac users of the preferred password reset methods.
  • Individual users can be exempted from password expiration. See Getting Started: Users.
  • If a password expires, users are locked out of all endpoints, including email. Admin assistance is required to restore the account. See Unlock User Accounts.
  • Set the number of failed login attempts a user may have before the account is locked. Account lockout is triggered from, and will lock the user out of:
    • User Console
    • System endpoints
  • Lockout will not affect G Suite or Office 365 to accommodate self-service password reset via email.
  • After a user account is locked due to failed login attempts, admins can restore the account using the JumpCloud Admin Portal. See Unlock User Accounts.
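
The password expiration timeline described above (expiry date, the 7 daily reminder emails, and the optional User Portal prompts before and after expiry), modeled as an added example that is not JumpCloud code. The function name, the status fields and the sample dates are assumptions made for illustration, as is the reading that during the post-expiry window only the User Portal accepts the expired credentials.

```python
from datetime import datetime, timedelta

EMAIL_WINDOW_DAYS = 7  # page: one reminder email a day for 7 days before expiry


def expiry_status(anchor, now, expire_days, pre_prompt_days=None, post_grace_days=None):
    """Model the aging timeline for one user (hypothetical helper).

    anchor          -- start of the N-day clock (the page says: when the
                       expiration setting was last changed/saved)
    pre_prompt_days -- None if the "before expiry" portal prompt is off
    post_grace_days -- None if the "after expiry" portal option is off
    """
    expires = anchor + timedelta(days=expire_days)
    status = {"expires": expires, "state": "active", "daily_email": False,
              "portal_prompt": False, "portal_login": True, "endpoints": True}

    if now < expires:
        remaining = expires - now
        status["daily_email"] = remaining <= timedelta(days=EMAIL_WINDOW_DAYS)
        if pre_prompt_days is not None:
            status["portal_prompt"] = remaining <= timedelta(days=pre_prompt_days)
        return status

    # Expired: all endpoints (including email) are locked, per the page.
    status["endpoints"] = False
    in_grace = (post_grace_days is not None
                and now < expires + timedelta(days=post_grace_days))
    if in_grace:
        # Expired credentials still work for the User Portal only.
        status.update(state="expired_grace", portal_prompt=True)
    else:
        # An admin has to unlock the account.
        status.update(state="locked_out", portal_login=False)
    return status


# Constructed sample: 90-day expiry saved on 1 Jan 2019, both portal options at 10 days.
SAVED = datetime(2019, 1, 1, 9, 0)
TIMELINE = {
    f"day {d}": expiry_status(SAVED, SAVED + timedelta(days=d), 90, 10, 10)
    for d in (50, 81, 85, 95, 101)
}

if __name__ == "__main__":
    for label, s in TIMELINE.items():
        print(label, s["state"], "email" if s["daily_email"] else "-",
              "prompt" if s["portal_prompt"] else "-")
```
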
Changing Password Complexity:

When you change the complexity requirements, a confirmation window, Apply New Password Requirements, appears before you commit changes.

  1. Enforce Password Reset at Specific Date and Time - Specify the date and time users will be required to change their password and meet the new complexity requirements. If the user does not reset their password by this time, the user will be locked out until a password reset is performed.
  2. Enforce Password Reset on Next Password Change - Users will not be required to change their password and meet the new password complexity requirements until the next password change.


Last Updated: Jul 15, 2019 03:13PM MDT
