Password policies

Overview

Password policies determine the required complexity when passwords are reset by a user or when passwords are generated (e.g., when a new user is created). The password policy in Cayosoft Administrator should be of at least the same complexity as the password policy set up in your Active Directory and Microsoft 365 environment (if you're creating hybrid users). Otherwise, Cayosoft will allow you to create a weak password but then you may receive errors directly from the Active Directory or Microsoft 365 that the password does not meet the complexity requirements.

Default Password Policy

The default password policy is configured on the individual extension level. This default policy is applied for all password management-related operations performed in the Web Portal.

NOTE: The default password policy can be overridden by the Attribute Policy for Password Generation.

Locate the Default Password Policy

1. Open the CCayosoft Administrator console.
   

2. Navigate to Active Directory Extension > Password Generation Options section.

Attribute Policy for Password Generation

Attribute Policies for passwords allow you to apply a password policy at the Web Query level in the Web Portal. By applying a password policy to an individual query you can have multiple password policies for different types of users. For example, Executives and IT Administrators may require a more complex password than regular users.

Create an Attribute Policy for Password Generation

1. Open the Cayosoft Administrator console.

2. Navigate to Attribute policies .

3. Click Add Attribute Policy.

4. In the name field type Complex Password Generation Policy.
   

5. Expand Policy Details.

6. Click Add Scope.

7. Select the Admin Unit and Web Query where the policy should be applied.

8. Select the Reset Password action then click OK.

9. Select the scope that was created in steps 6,7 and 8. The attributes from the Reset Password command will appear in the Attribute Policy Settings window.

10. Select password from the list then click Edit Policy.

11. Configure the policy as needed.

12. Click OK.

13. Click Save Changes.

How to allow using spaces in passwords

1. Open the Cayosoft Administrator console.

2. Navigate to Home > Configuration > Connected Systems Extensions > Active Directory.
   

3. Open the Password Generation Options section.

4. Click Configure to configure Password Policy.

5. In the Configure Password Policy window, select Enable Policy.

6. Open the Special Character Rules section.

7. Select Allow any Special Characters.

8. Click OK.

9. Click Save Changes.

Password Policy Parameters

When you configure the password policy you can define the following rules:

1. Length and Character Rules - determine the password length, possible alphabetical characters, and numeric characters.

2. Special Character Rules - define the special characters allowed or forbidden in passwords.

3. Pattern & Sequence Rules - allow excluding similar characters in generated passwords, prevent palindromes and characters sequences and patterns, etc.

Notes

• When Microsoft Entra Password Protection is enabled in your on-premises environment, Cayosoft Administrator relies on the Active Directory authentication logic. When a user attempts to set a password violating the Entra banned password list via Cayosoft Administrator, a generic Active Directory error message is displayed:

  The password does not meet the length, complexity, or history requirement of the domain.

  It is recommended to configure the Cayosoft Administrator built-in password policy settings to match or exceed the Microsoft Entra Password Protection requirements to proactively prevent password reset conflicts and prevent any confusion.

  IMPORTANT: The error text is a generic message generated by Active Directory; it may appear in a different context and may be related to a different issue (e.g., a GPO password policy conflict, a fine-grained password policy conflict).