Configure Password and Login Management in Assure System Settings

Summary

This article explains how to configure password policies and login security settings in Assure, including password complexity requirements, expiration rules, account lockout policies, and notification settings for failed login attempts.

Prerequisites

• System Administrator role or equivalent permissions in Assure
• Access to System Configuration > System Settings
• Valid email address for lockout notifications (if using Login Management)
• Understanding of organizational security policies

Available to watch in - French, German, Spanish, Italian, Polish, Dutch, Brazilian, Portuguese, Chinese (Simplified)

Password and Login Management

Accessing Password and Login Management Settings

1. Log into the Assure system with System Administrator credentials
2. Navigate to Settings from the main menu
3. Click System Settings

4. Scroll down to the Password and Login Management section

Password Management

Password Management allows a System Administrator to decide the parameters in which a user can create their password, as well as deciding the frequency at which a user should change their password. There are several options within this section

• Use Password Management - This must be ticked in order for the below selections to be applied to the system. If this box is not ticked there will be no password management in place within the system
• No. Of Days Before Password Expires (0 = password never expires) - Decide the length of time in days before a user must change their current password. If this is set to 0 users will never be forced to change their password when logging into the system 
• Minimum Password Length - Set a minimum length for any password within the system. 
• Include At Least One Lowercase Alphabetical Character (a-z) - The user must include at least one lowercase character within the password
• Include At Least One Uppercase Alphabetical Character (A-Z) - The user must use at least one uppercase character within the password 
• Include At Least One Numeric Character (0-9) - The user must include at least one number between 0 and 9 within their password
• Include At Least One Non-Alphanumeric Symbol (!@#$ etc.) - The user must include at least one special character within their password

Configuring Password Management

1. Tick the checkbox Use Password Management to enable password policies (this must be enabled for all password settings to apply)
2. Configure No. of Days Before Password Expires (0 = never expires):
   • Enter the number of days (e.g., 90, 180)
   • Enter 0 to disable password expiration
3. Set Minimum Password Length:
   • Enter a numeric value for the minimum number of characters required
4. Enable password complexity requirements by ticking one or more of the following:
   • Include At Least One Lowercase Alphabetical Character (a-z)
   • Include At Least One Uppercase Alphabetical Character (A-Z)
   • Include At Least One Numeric Character (0-9)
   • Include At Least One Non-Alphanumeric Symbol (!@#$ etc.)
5. Select Save and Close to apply the changes

Login Management

Login management allows an Administrator to include security measures against user accounts if they enter an incorrect password on too many occasions within a specified period of time. The system will also send out a warning to a specified email address informing them of this occurrence.

• Use Login Management - Must be ticked in order to use the below Login Managagement options. If this box is left unchecked no login management will be applied
• Lock user account after this many failed login attempts - Prevents a user from attempting to login to the system after failing to log in a specified number of times within the number of minutes specified below
• During this number of minutes - An extension of the above option. Users who fail to input the correct password as many times as specified above within the number of minutes specified in this field will be locked temporarily from their account
• Number of minutes to suspend account for - Allows the Administrator to decide how long tbefore the locked user can attempt to re-enter their password
• Email address to notify when user account is locked - This will send an email to the specified address in the event that a user is locked out of the system. Upon reception of this email it is recommended that the user password be changed within the User Management area in order for them to log in initially, after which they should change their password to something more secure and in line with any Password Management settings in place.

Configuring Login Management

1. Tick the checkbox Use Login Management to enable account lockout policies (this must be enabled for all login management settings to apply)
2. Set Lock user account after this many failed login attempts:
   • Enter the number of consecutive failed attempts before lockout (e.g., 3, 5)
3. Configure During this number of minutes:
   • Enter the time window (in minutes) during which failed login attempts are counted
4. Set Number of minutes to suspend account for:
   • Enter the lockout duration (in minutes) before the user can attempt login again
5. Enter Email address to notify when user account is locked:
   • Provide the email address that should receive lockout notifications
   • This address typically belongs to a System Administrator or security team
6. Select Save and Close to apply the changes

Once you have set up Password and/ or Login Management within the System Settings, select Save and Close to apply the changes

Unlocking a Locked User Account

Resetting password for a user

1. When notified of a locked account, navigate to Settings > Users
2. Locate the locked out User account > Edit
3. Reset the user's password by typing a new password into the Password field and Confirming the new password using the Confirm Password field.
4. Select Save to apply the changes
5. Inform the user to log in with the new temporary password
6. Ensure the user creates a new password that complies with the configured Password Management settings

Send 'Reset Password' Link

1. When notified of a locked account, navigate to Settings > Users
2. Locate the locked out User account > Edit
3. Check the Send Reset Password Link checkbox
4. Save the record
5. The user will receive an email allowing them to reset their password by following a reset password link.

Notes & Warnings

• Password Management must be enabled: If "Use Password Management" is not ticked, none of the password complexity or expiration settings will be enforced
• Login Management must be enabled: If "Use Login Management" is not ticked, no account lockout policies will apply
• Zero expiration value: Setting password expiration to 0 means passwords never expire, which may not comply with certain security standards
• Failed attempts window: Failed login attempts are only counted within the specified time window; attempts outside this window do not contribute to account lockout
• Apply to all users: Password and login management settings apply to all Assure users system-wide, not individual users or groups

Examples

Example 1: Standard Corporate Password Policy

Configuration:

• Use Password Management: ✓
• No. of Days Before Password Expires: 90
• Minimum Password Length: 12
• Include Lowercase Character: ✓
• Include Uppercase Character: ✓
• Include Numeric Character: ✓
• Include Special Character: ✓

Result: Users must create passwords of at least 12 characters containing uppercase, lowercase, numeric, and special characters, and must change their password every 90 days.

Example 2: Account Lockout After Failed Attempts

Configuration:

• Use Login Management: ✓
• Lock user account after: 5 failed login attempts
• During this number of minutes: 15
• Number of minutes to suspend account for: 30
• Email address to notify: security@example.com

Result: If a user enters an incorrect password 5 times within 15 minutes, their account is locked for 30 minutes, and security@example.com receives a notification.
 

Example 3: Basic Security with No Expiration

Configuration:

• Use Password Management: ✓
• No. of Days Before Password Expires: 0
• Minimum Password Length: 8
• Include Lowercase Character: ✓
• Include Numeric Character: ✓

Result: Users must create passwords of at least 8 characters with at least one lowercase letter and one number. Passwords never expire.

Troubleshooting

Issue: Password settings not enforcing

Cause: "Use Password Management" checkbox is not enabled
Diagnosis: Users can create weak passwords or do not receive password expiration prompts
 

Resolution:

1. Navigate to Settings >  System Settings
2. Scroll to Password and Login Management
3. Ensure "Use Password Management" is ticked
4. Click Save and Close

Issue: Users not being locked out after failed attempts

Cause: "Use Login Management" checkbox is not enabled or settings are misconfigured
Diagnosis: Users can attempt login unlimited times without lockout

Resolution:

1. Verify "Use Login Management" is ticked
2. Confirm values are entered for failed attempts, time window, and suspension duration
3. Click Save and Close
4. Test by attempting login with incorrect password

Issue: Lockout notification emails not received

Cause: Incorrect or missing email address in notification field
Diagnosis: System Administrator is not notified when accounts are locked

Resolution:

1. Verify the email address is correctly entered in "Email address to notify when user account is locked"
2. Check email spam/junk folders
3. Test by locking a test account intentionally
4. Verify email delivery settings in the system

Issue: User locked out before reaching failed attempt limit

Cause: Failed attempts from previous time windows are still being counted
Diagnosis: User locked out after fewer failed attempts than configured
 

Resolution:

1. Confirm the time window setting ("During this number of minutes")
2. Failed attempts within the time window accumulate toward the lockout threshold
3. Wait for the time window to pass, or reset the user's password in User Management

Issue: Users unable to create compliant passwords

Cause: Password complexity requirements too strict or unclear to users
Diagnosis: Users report password creation errors

Resolution:

1. Review Password Management settings and ensure they are reasonable
2. Communicate password requirements clearly to users
3. Provide examples of compliant passwords (without sharing actual passwords)

Related Articles

• Using Multi-Factor Authentication for User Login
  Learn how to enable MFA in Assure to add an extra layer of security beyond passwords.
• User Management Using the Assure Customer API
  Automate user account creation, updates, and password resets via the Assure Customer API.
• Assure SSO Azure AD Configuration Guide - UK (EMEA)
  Configure Single Sign-On with Azure Active Directory for streamlined and secure authentication.

Cross-Module Relevance
None. Password and Login Management is a system-wide configuration that applies universally across the Assure platform. It does not span multiple product modules but affects all user authentication processes in Assure.

Metadata

Product Area: System Configuration, User Management, Security Settings

User Role: System Administrator, IT Administrator

Tags: password policy, login security, account lockout, password expiration, password complexity, failed login attempts, user authentication, security settings, system configuration

Version/Region: Assure (all versions and regions)

Deprecated?: No

Important synonyms: Password policy, account security, login policy, password rules, authentication settings, user lockout, login restrictions

Suggested embedding keywords: password management, login management, account lockout, password expiration, failed login attempts, password complexity, user authentication, system settings, Assure security