Setting Up User Password Policies

In this article:

• Creating the Password Policy
• Assigning the Policy to a System Role

In Actionstep, you can define password policies and assign them to System Roles. 

Password policies allow you to set password requirements, password expirations, day and time restrictions, and IP restrictions. There are two parts to setting up your password policy: creating the policy itself and then assigning the policy to specific roles within your system.

You can create multiple policies and assign them to specific roles. For example, if you want set up stricter restrictions for junior staff, you can create a policy for them, but still have a less-strict policy for senior staff.

Creating the Password Policy

Actionstep provides a lot of flexibility for creating the rules under which your users can sign in to your Actionstep system. 

To set up your password policy:

1. In Actionstep, go to Admin > Users & permissions. The Users & Permissions page appears.
2. In the panel on the right, click Password policies.The Password Policies page appears.
3. Click Add Policy.  The Add Password Policy window appears.
4. In the General settings section, provide the following details:
   • Policy name: Enter a name for the policy.
   • Description: Enter additional information about the policy, for example, details about the purpose of the policy. 
   • Expiry (days): Choose how frequently users are required to change their password. If you don't want passwords to expire, choose No expiry. 
   • Repeat password limit: Choose how many unique passwords the user must use before they can reuse old passwords. 
5. In the Password requirements section, provide the following details:
   • Minimum Length: Choose the minimum number of characters that are required in the password.
   • Mixed-case: Toggle this option to on to require a combination of mixed case letters in the password.
   • Numbers: Toggle this option to on to require at least one number in the password.
   • Special characters: Toggle this option to on to require at least one special character in the password.
6.  To include Days and time restrictions in the policy, toggle Enable to on and then use the available fields to choose the times of the day users can access your system. You can also choose which days of the week they can have access. (For example, if you want to limit employees' access to just the days and hours your office is open, set these options to match your office's schedule.) 
7. To include IP address restrictions, toggle Enable to on and then enter the IP addresses. 
8. Click Save to save your changes. 
9. Assign the policy to system roles, as described in the next section. 

Assigning the Policy to a System Role

Password policies can be assigned based on system roles. 

To do this:

1. Make sure your password policy is set up. (See the previous section for instructions.)
2. In Actionstep, go to Admin > Users & permissions. The Users & Permissions page appears.
3. In the panel on the right, click System roles. The System Roles page appears.
4. Click Edit for the role you want to assign the policy to.
5. In the General settings section. click the Password policy drop-down list and choose the policy you want assigned. 
6. Click Save to save your changes. 

Now, each user with that system role will have that policy enforced for their password.