Account Admins can set the account's password policy on the Manage > Security page, on the Password Policy tab. Several components can be customized:
- Passwords expire in sets the number of days before a password expires and must be reset. The minimum is 30 days; the maximum is 365 days.
- Passwords reuse after sets when a password previously used by a person can be used again.
- Users locked out after allows an admin to set when a user is locked out of his or her Sumo Logic account. The admin can choose the number of failed attempts, the amount of time during which the incorrect password is entered, and the amount of time a user will be locked out of his or her account after entering the set number of incorrect passwords.
Changing the password policy
Admins can make changes at any time for users in their organization. The updated settings are applied to each user's account the next time he or she logs in.
To change the password policy:
- Go to Manage > Security.
- On the Password Policy tab, change any of the following:
- Passwords expire in: This setting is the number of days before a password must be reset. Select an option from the menu. For this example, we chose 30 Days. So a user will need to change his or her password every month.
- Passwords reuse after: This setting is the number of times a password must be changed before a previously used password can be reused. From the menu, select the number of changes. For example, if you choose 5 Changes, a password can be reused after five new passwords have been used in a user's account.
- Users locked out after: With these options, you can determine when users are locked out of their Sumo Logic accounts using the three menus: number of failed attempts, amount of time during which the incorrect password is entered, and the amount of time a user will be locked out of his or her account after entering the set number of incorrect passwords.
For example, we chose 4 Failed Attempts from the first menu, Within 5 Minutes from the second menu, and For 60 Minutes from the third menu. This means that if a user enters four incorrect passwords in the space of five minutes, that user will be unable to log back in to his or her account for 60 minutes.
- Click Save.