Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

What is Password History Check?

The Administrators can enforce Password History Check when an End Users resets the SummitAI application password. Based on the organization’s password policy, the Password History Check can be performed, not allowing the user to reset his password to last n passwords, where, n is the last n number of passwords not allowed.

Example:

If Password History Check is enabled, and as per the organization’s Password Policy, the End User cannot change his password to last 3 passwords.

Note:

  • The Password History Check can be enabled only for the End Users trying to change their passwords.
  • The Password History Check (even if enabled) is not applicable for Master Reset (where Administrators are resetting password for End Users) and For Manager Approval (where Passwords are sent to the End Users’ Managers and Managers provides the passwords to the End Users).
  • The Password History Check works on AD Server Operating System Windows 2012 and above.
  • The Password History Check works only on non-SSL AD system.

Configuration

  • Based on the customer’s request to enable Password History check, the SummitAI Team needs to set the following key to True:
    <add key="PwdMgmt:IsPwdHistoryEnforceEnabled" value=""/>
    The default value of the key is False.

    For SummitAI Mobile App users, the above key should be added in the Mobile Services (Web.config file, MobileWS > web.config).

    In a Proxy setup (SummitAI application hosted On Cloud and AD on-premise), the above key need to be added to the Proxy Server (proxy > web.config).
  • The organization may add additional Password Checks as part of their Password Policy. They can configure a custom message as part of the Password Policy Message when the user is trying to reset the password.
    <add key="PwdMgmt:PwdPolicyMessage" value="" /> // (Web.config file, MobileWS > web.config)

    Note:

    This custom message is for display purpose only. SummitAI does not do any validations for this.

    For SummitAI Mobile App users, the above key should be added in the Mobile Services (Web.config file, MobileWS > web.config).

  • No labels