Password Security Policy settings

At Setup > Global Settings, you can define the general settings of your Ivanti Automation environment, and the default settings of Dispatchers and Agents.

  • Use Password Security Policy settings to manage the behavior of password security on login accounts using Ivanti Automation Authentication.
  • These global settings are only available at global level and cannot be set for individual login accounts. However, you can choose to not apply the global Password Security Policy for individual login accounts.

Password Security Policy

Password age

Specifies the number of days a password can be used before a Console user is required to change it.

  • The default value is 60 days.
  • If you enable the Password age setting, the current date will be set as the "last password change date" for all existing Ivanti Automation logins. In environments with many login accounts, this can take up some time.
  • When the password is changed by the administrator, the current date will also be set as the "last password change date" for the selected login account.

Password complexity

Specifies the number of required character types in the password (uppercase, lowercase, numbers and symbols). This setting has a fixed value of 3 character types.

  • You can use any of the following symbols: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/

Password history

Specifies the number of passwords that will be stored; this determines how frequently old passwords can be reused.

  • The default value is 6 passwords.
  • Ivanti Automation uses FIPS-compliant cryptography to store the password history.

Minimum password length

Specifies the minimum number of characters that need to be used in new passwords. The default value is 8 characters. The maximum password length is 50 characters.

Account lockout threshold

Specifies the number of password retries before a user account will be locked. The default value is 6 retry attempts.

When enabling the global Password Security Policy, it will become effective immediately. The password complexity check will be applied upon next password change.

Best practice:

When implementing the global Password Security Policy, first exclude the login accounts and then enable the global Password Security Policy.