This article answers frequently asked questions (FAQs) about Password Policies in Agentforce Sales (formerly Sales Cloud) and Agentforce Service (formerly Service Cloud). It clarifies which settings take precedence between the organization and profiles, when password expiration changes are applied, and why some users are not required to change their passwords.
Frequently Asked Questions
Where can password policies be set, and which takes precedence?
When are changes to the "User passwords expire in" setting applied?
Why are some users not required to change their password even after it expires?
How can I check if a profile's password policies have been individually modified?
Q1. Where can password policies be set, and which takes precedence?
Password policies can be set in two locations: at the "Organization" level and at the "Profile" level. The profile's settings take precedence.
Organization Password Policies
Navigate to [Setup] | [Security] | [Password Policies] to configure the default policies for the entire organization.
See also: Set Password Policies
Profile Password Policies
Individual policies that differ from the organization's policies can be set for each profile.
Note: When you update the organization's password policies, the effect on profile password policies differs depending on the user interface you are using.
Reference: Manage Password Expiration with Password Policies
Q2. When are changes to the "User passwords expire in" setting applied to users?
The timing depends on the change.
If you shorten the expiration period:
The new, shorter expiration period is applied immediately, and the user's Password Expiration Date is updated accordingly.
If you set the expiration to "Never expires":
Passwords immediately become non-expiring, and the user's Password Expiration Date is set to blank.
If you lengthen the expiration period:
The old policy remains in effect until the current password expires. The new, longer policy will only apply from the next time the password is changed (i.e., after the current password has expired and the user sets a new one).
Q3. Why are some users not required to change their password even after it expires?
This is because the "Password Never Expires" permission is enabled on the profile or permission set assigned to that user. This permission overrides any password expiration policies set at the organization or profile level.
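To audit which active users are exempt from expiration through this permission, an administrator can query permission assignments. The SOQL below is an added example, not part of the original article; it uses the standard PermissionSetAssignment object, which also covers profiles through their profile-owned permission sets.

```sql
SELECT Assignee.Username,
       PermissionSet.IsOwnedByProfile,
       PermissionSet.Profile.Name,
       PermissionSet.Label
FROM PermissionSetAssignment
WHERE PermissionSet.PermissionsPasswordNeverExpires = true
  AND Assignee.IsActive = true
ORDER BY Assignee.Username
```

Rows where IsOwnedByProfile is true receive the permission from the profile named in Profile.Name; the remaining rows receive it from the permission set shown in Label.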
Q4. Why are users asked to change their password upon login when their profile's password expiration is set to "Never expires"?
This occurs because the user was previously assigned to a profile that had a password expiration period. A password expiration date, once set, is recorded on the user record. Changing the user's profile to one with "Never expires" does not automatically clear this recorded expiration date.
Q5. How can I check if a profile's password policies have been individually modified?
You can check by following these steps:
From [Setup], open the organization's [Password Policies]. Temporarily change any setting and save it.
Open the settings screen for the profile you want to check. See if the value for the same setting has updated in sync with the organization's change.
If the value did not change, it means the profile's password policies have been individually modified in the past and are no longer in sync with the organization's policies.
001094362
