JumpCloud’s password complexity settings give administrators the option to control the level of complexity of the passwords users create for their JumpCloud accounts. The user account password governs access to not only the JumpCloud user account, but also to all resources the account has access to, such as computers and SSO applications. You can create and enforce the use of strong passwords across your organization to help protect your org and its users from hackers and security breaches.
To configure password complexity:
- Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/.
- Go to Settings, then click the Security tab.
- Select options from the Complexity section.
- Click save changes.
- Set the minimum number of characters required.
- Maximum Length: Currently, password length can't be limited to a certain number of characters.
When this option is enabled, users will receive one email a day for 7 days leading up to expiration requesting a password reset. When users click the Reset Password button in the email, they are given a way to update their password that is specific to the system they are using. If JumpCloud the user is on a Mac system, they are shown a page that directs them to change their password in the JumpCloud Mac app. If JumpCloud detects the user is on a Mac or Linux system, they are taken to the User Password Reset page.
- If you choose to have passwords expire, you can:
- Require that users reset their passwords when they log in to the User Portal for [N] days before their password expires. The default number is 10 days. If this option is selected, users are shown the password change prompt for the 10 days prior to their password expiring. This modal can’t be dismissed.
- Require that users reset their passwords when they log in to the User Portal for the [N] days after their passwords expire. The default number is 10 days. If this option is selected, users are allowed to log in to the User Portal using expired credentials and are shown the password change prompt for the 10 days after their password expires. This modal can’t be dismissed.
Important: Users on JumpCloud managed Mac systems are strongly encouraged to update their passwords in the JumpCloud Mac app to keep their JumpCloud password in sync with Keychain and FileVault. This option encourages users to change their password in the User Portal, which would require a system restart to sync passwords on Mac systems. Use care when selecting this option and educate your Mac users of the preferred password reset methods.
- If a password expires, users are locked out of all endpoints, including email. Admin assistance is required to restore the account. See Unlock User Accounts.
- Set the number of times a user may have failed login attempts before locking the account from access. Account lockout is triggered from and will lock the user out of:
- User Console
- System endpoints
- Lockout will not affect G Suite or Office 365 to accommodate self-service password reset via email.
- After a user account is locked due to failed login attempts, admins can restore the account using the JumpCloud Admin Portal. See Unlock User Accounts.
When you change the complexity requirements, a confirmation window, Apply New Password Requirements appears before you commit changes.
- Specify the date and time users will be required to change their password and meet the new complexity requirements. If the user does not reset their password by this time, the user will be locked out until a password reset is performed.
- - Users will not be required to change their password and meet the new password complexity requirements until the next password change.