Defining Password Expiration Policies for Different Account Types
CloudBlue Commerce lets you set a separate password expiration policy for each CloudBlue Commerce account type: provider, reseller and customer.
The password expiration policy is defined per account type. For provider and reseller accounts, the policy is applied on three hierarchy levels: own users (staff members and service users), subordinate reseller accounts and subordinate customer accounts. Settings defined for a reseller account are propagated to resellers' own resellers and customers.
Customer accounts can define password expiration settings for their own users only.
By default, the password expiration policies for all types of user accounts have the following settings:
- Password expiration: Disabled
- Policy locked: No
- Expiration period: 0 days
To configure password expiration policies for different types of CloudBlue Commerce accounts, perform these steps:
1. Go to System > Settings > Security in the Core group > Setup tab > Password Expiration Policy subtab.
2. To set the password expiration policy for the provider's users, click Edit in the Own users area policy fieldset:
   - To enable password expiration, select the Enable password expiration check box.
   - Set the length of the password expiration period in days in the Expiration period field.
   - To lock the policy, select the Policy locked check box. Locking the policy makes it impossible to set individual password expiration settings for selected staff members, and enforces the policy values for all staff members and service users created under the provider account. The provider's staff members with the appropriate privileges can unlock the policy at any time later.
   - Click Submit.
3. To set the password expiration policy for resellers, click Edit in the Reseller's area policy fieldset and perform the actions described in Step 2 of the current procedure.
   The policy will be applied to the resellers' own users, and to users who belong to their subordinate reseller and customer accounts.
   Locking or not locking the policy will result in the following:
   - If you do not lock the policy for resellers, reseller account users will be able to edit the password expiration policy defaults set by the provider. If these defaults have already been customized at the reseller level, the customized values are preserved.
   - If you lock the policy for resellers, reseller account users will be unable to edit the password expiration policy values set by the provider. If the policies have already been customized at the reseller level, all values are replaced with those of the provider's locked policy.
4. To set the password expiration policy for customers, click Edit in the Client's area policy fieldset and perform the actions described in Step 2 of the current procedure.
   The policy will be applied to customers' users.
   Locking or not locking the policy will result in the following:
   - If you do not lock the policy for customers, customer account users will be able to edit the password expiration policy defaults for their users. If these defaults have already been customized at the customer level, the customized values are preserved.
   - If you lock the policy for customers, customer account users will be unable to edit the password expiration policy values set by the provider. If the policies have already been customized at the customer level, all values are replaced with those of the provider's locked policy.
Note: After a user specifies a new password, CloudBlue Commerce checks it against the database. If the password has already been used by this user within the defined password history storage period, CloudBlue Commerce returns an error message. This is done to ensure that a user does not specify the same password several times. The password history check is performed for a user only if password expiration is enabled for this user.
Note that, besides setting the group policy for all your users, you can set individual password expiration settings for a selected staff member.
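The locking behaviour described above for reseller and customer policies can be checked on paper with a small model. The following Python sketch is an added example, not CloudBlue Commerce code: the `Policy` class, `effective_policy` and `can_edit` are hypothetical names, and the model assumes that a locked policy at any level replaces every customization below it, while an unlocked policy is only a default that a lower level may override.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class Policy:
    # Defaults are the ones this page lists for all account types.
    enabled: bool = False   # Password expiration: Disabled
    locked: bool = False    # Policy locked: No
    period_days: int = 0    # Expiration period: 0 days


def effective_policy(chain: Sequence[Optional[Policy]]) -> Policy:
    """Resolve the policy that applies at the bottom of an account chain.

    chain is ordered from the provider down; each entry is the policy that
    level set, or None if that level never customized it (assumed model).
    """
    current = Policy()
    for level in chain:
        if current.locked:
            # Locked above: customized values below are replaced.
            break
        if level is not None:
            # Not locked above: the lower level's customization is preserved.
            current = level
    return current


def can_edit(chain_above: Sequence[Optional[Policy]]) -> bool:
    """True if an account below these levels may edit the policy values."""
    return not effective_policy(chain_above).locked


# Constructed sample values, not taken from any real installation.
PROVIDER_UNLOCKED = Policy(enabled=True, locked=False, period_days=90)
PROVIDER_LOCKED = Policy(enabled=True, locked=True, period_days=90)
RESELLER_CUSTOM = Policy(enabled=True, locked=False, period_days=30)

if __name__ == "__main__":
    cases = {
        "unlocked, reseller customized": [PROVIDER_UNLOCKED, RESELLER_CUSTOM],
        "locked, reseller customized": [PROVIDER_LOCKED, RESELLER_CUSTOM],
        "unlocked, not customized": [PROVIDER_UNLOCKED, None],
    }
    for name, chain in cases.items():
        print(f"{name}: {effective_policy(chain)}")
```

Running the model before changing a lock setting shows which lower-level customizations would be replaced by the change.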