Password policy in dedicated SaaS deployments

For security reasons, passwords in dedicated SaaS deployments have specific management policies and requirements. User passwords created in remote desktop in dedicated SaaS deployments must be complex and regularly updated.

General password requirements

IXIASOFT CCMS requires that passwords for users in dedicated SaaS deployments meet the following requirements:

  • Excludes your name, username, and domain name
  • Does not contain spaces

  • Contains characters from three of the following four categories:

    • Uppercase alphabet characters (A–Z)
    • Lowercase alphabet characters (a–z)
    • Arabic numerals (0–9)
    • These non-alphanumeric characters: ~!#$%^*?_-+=

Customer-specific policies

In addition to the password requirements, there are also general rules that IXIASOFT CCMS has for passwords. These rules are configurable, so you can change them depending upon your own company's policies. However, in all cases the default values set the minimum restrictions; you can only set more restrictive rules.

Policy Description Default value Permitted values
Password length Number of required characters. 8 characters 8 characters or more. No less than 8 characters.
Password age How long before a password expires
Note: Inactivity does not cause passwords to expire.
 180 days 180 days or less. No less than 180 days.
Passwords remembered How many previous passwords that the system prevents users from reusing. For example, the default setting prevents you from reusing any of the last 24 passwords that you used. 24 24 or more. No less than 24 passwords.
Delay before next password change How soon after you change your password that you can change it again Immediate Immediate or longer. For example, 1 day. (With "immediate", users can change their passwords the number of times specified in "passwords remembered" and reuse an old password.)
Lockout trigger Number of invalid attempts in a given time period that triggers a lockout. 5 attempts in 10 minutes 0 to 5 (no more than 5) invalid attempts within 10 minutes or more (no less than 10 minutes)
Unlock How long after an account is locked that the user can try again to change their password 10 minutes 10 minutes or more. No less than 10 minutes.