Password Expiration Prompt After Profile Change to Never Expires

Issue

When a user profile is changed, the old profile password policy remains active until the user resets their password.

Root Cause

Password policies are applied at the time of a password reset. Similarly, even when a profile is changed, the password policy of the old profile remains in effect until a password reset is performed.

Here is an example scenario:

• As of January 1, 2023:

  • User 1's profile is "Standard Profile A."

  • "Standard Profile A"'s [User passwords expire in] setting is [90 Days].

  • User 1's password expiration date is April 1, 2023.

• March 1, 2023:

  • The System Administrator user changes User 1's profile to "Standard Profile B."

  • "Standard Profile B"'s [User passwords expire in] setting is [Never Expires].

In this case, User 1's password expiration date remains April 1, 2023. When the deadline is reached, the user will be prompted to change their password upon login.

Once the password change is completed, the [User passwords expire in] setting of [Never Expires], configured in "Standard Profile B," will be applied to User 1.

Similarly, if User 1's password is changed via a password reset before April 1, 2023 (after the profile change), the [User passwords expire in] setting of [Never Expires] will be reflected at that moment.

You can check the profile change history for the past six months in [Setup Audit Trail].