Loading

Manage Password Expiration with Password Policies

Date de publication: Oct 13, 2022
Description

Organization-wide Password Policies are mirrored to all profiles in the Organization.

Until you set the Password Policies on a Profile or click save on a profile (both standard and custom)., the Organization-Wide Password Policies apply to its Users. 

Circumstances when this setting is not applicable:

  • Users with the 'Password Never Expires' permission sets
  • Users assigned a profile with the 'Password Never Expires' feature enabled

The user password will expire but it's not enforced and the user is not forced to change the password.  

Note: You cannot set user password expiration date if the "Enforce Password History" is set to "No password remembered"

Sample validation error:

"Error: Can't set password expiration because your org's password history is set to "No passwords remembered".

 

 

Résolution

When set, the profile’s Password Settings override the Organization-Wide Password Policies only for the new users. For existing users, new Profile Password Policies take effect when they reset their passwords.

The Profile Password Expiration date is updated only if the new expiration date is earlier than the old expiration date or if new expiration date is 'Never Expires.' Therefore, the expiration date can only be more restrictive, unless you remove password expiration altogether with 'Never Expires.' 

Example 1

  • Change made on 09/01/18 for Org Wide to 90 days
  • Change made on 10/01/18 for Profile A to 180 days

The Profile A users' passwords will expire on 11/30/18, 90 days from the date when the org wide setting was updated.

Notes: 

  • In the meantime, if users are changing their passwords, then their passwords will expire in 180 days from the date when the password was updated.
  • For new users, the password expiration will be 180 days.


Example 2

  • Change made on 09/01/18 for Org Wide to 90 days
  • Change made on 10/01/18 for Profile A to 180 days
  • Profile A users password is changed on 10/10/18

The Profile A user's password expiration date will be 180 days from 10/10/18. Once a user's password expires, they will be asked to set a new password upon logging in to their org.

Notes:

  • For new users, the password expiration will be 180 days.
  • If the Profile A users are not changing the password, the users password will expire on 11/30/18, 90 days from the date when the org wide was set.


Example 3

  • Change made on 09/01/18 for Org Wide to 180 days
  • Change made on 10/01/18 for Profile A to 90 days

The Profile A users' password expiration date will be 90 days from 10/01/18.


Example 4

  • Change made on 09/01/18 for Org Wide to 90 days
  • Change made on 10/01/18 for Profile A to Never Expire
  • Change made on 10/02/18 for Profile A to 180 days

The existing Profile A users' password expiration date will be 180 days from 10/02/18.

Related articles:

Set Password Policies

View and Edit Password Policies in Profiles


 

Numéro d’article de la base de connaissances

000387773

 
Chargement
Salesforce Help | Article