Introduction
Docebo’s password policy ensures maximum security in order to protect your platform's privacy. This article will outline how to manage your platform’s policy as a Superadmin.
Managing the Password Policy
As the Superadmin, you can apply a specific password policy to better fit your company's needs. Begin by accessing the Admin Menu by scrolling your mouse over the gear icon in the top right corner of your platform. Then, press the Advanced Settings item in the Settings section. Once in the Advanced Settings menu, select the Password tab from the tab menu.
In the options menu, choose whether to enforce each of the following options:
- Password must include both letters and numbers. Users will receive an error message if they try to create a password with only letters or only numbers. Additionally, they will receive an error message if they use three consecutive letters or three consecutive numbers.
- Password must be different from the username. Users will receive an error message if they try to create a password that matches their usernames.
- Enable option in User Management to "Force users to change their password at their first login" by default upon user creation. Users who self-registered in the platform will be prompted to change their passwords after they first log into the platform.
- Password dictionary check. When this option is flagged, each password is checked against a dictionary of common English words. If the check finds a common word, the user will be asked to set a new password. If you do not flag this option, the check will not be performed, and users can use common English words in their passwords.
Use the corresponding text box to type in the minimum number of characters required for a valid password. The default minimum number of characters is 6, but this can be changed, as desired.
Type in the maximum number of days for which the password will be valid. When this value is set to 0 (zero), the password will be valid for an unlimited number of days.
As an option, you can force users to choose a password that differs from a set number of their most recently used passwords, using the Ask the user to choose a password different from the last X used passwords option (for example, a user cannot reuse any of the last three passwords they used). When this field has no value, the platform won’t perform any check on the previously used passwords. The accepted values for this option are 1 to 10.
Now, move to the Users tab of the Advanced Settings menu. Activate the Automatically Calculate Password option in the Options section to enable the platform to automatically generate a password for users, upon creation. When this option is selected, passwords are automatically generated both for users manually created, and for users created via API. The password will not be regenerated when users are updated.
Set the Maximum number of consecutively failed sign in attempts in the corresponding section. The default value for this parameter is 3; set it to 0 (zero) to leave your users an unlimited number of login attempts. When the maximum number of failed attempts is reached, all subsequent sign-in attempts will be blocked for 10 minutes. The block applies to the IP address from which the sign-in to the system was attempted.
Accessibility Hint: Consider setting this parameter to 1 only when it is strictly necessary. Having no opportunity to retype the password more than one time can be a great disadvantage for some users. Learn more on accessibility in your platform.
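The following Python sketch is an added example, not Docebo's code: it replays constructed sign-in events through the lockout rule described above, showing that a block tied to the IP address also stops other users signing in from that address. It assumes that failures are counted per IP address, that a successful sign-in resets the counter, and that the 10-minute block starts at the attempt that reaches the limit; the function and variable names are hypothetical.

```python
from datetime import datetime, timedelta

BLOCK = timedelta(minutes=10)  # block duration stated in the article

def replay_sign_ins(events, max_failed=3):
    """Replay (timestamp, ip, user, success) tuples given in time order.

    Returns (timestamp, ip, user, outcome) tuples, where outcome is
    'ok', 'failed' or 'blocked'. max_failed=0 means unlimited attempts.
    """
    failures = {}       # ip -> consecutive failed attempts (assumed per IP)
    blocked_until = {}  # ip -> time at which the block ends
    out = []
    for ts, ip, user, success in events:
        if ip in blocked_until and ts < blocked_until[ip]:
            out.append((ts, ip, user, "blocked"))  # rejected even if the password is right
            continue
        if success:
            failures[ip] = 0  # assumption: a successful sign-in resets the counter
            out.append((ts, ip, user, "ok"))
            continue
        failures[ip] = failures.get(ip, 0) + 1
        out.append((ts, ip, user, "failed"))
        if max_failed and failures[ip] >= max_failed:
            blocked_until[ip] = ts + BLOCK  # assumption: block starts at this attempt
            failures[ip] = 0
    return out

# Constructed sample events; the addresses come from documentation ranges.
T0 = datetime(2024, 1, 1, 9, 0, 0)
SAMPLE = [
    (T0, "203.0.113.10", "alice", False),
    (T0 + timedelta(seconds=20), "203.0.113.10", "alice", False),
    (T0 + timedelta(seconds=40), "203.0.113.10", "alice", False),  # limit reached
    (T0 + timedelta(minutes=2), "203.0.113.10", "bob", True),      # same IP, blocked
    (T0 + timedelta(minutes=3), "198.51.100.7", "alice", True),    # other IP, allowed
    (T0 + timedelta(minutes=11), "203.0.113.10", "bob", True),     # block has expired
]

if __name__ == "__main__":
    for ts, ip, user, outcome in replay_sign_ins(SAMPLE):
        print(ts.time(), ip, user, outcome)
```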
Once a user is logged into the system, they always have the option to reset their passwords.
Please note that if you are creating users via API as the Superadmin, none of the configurations that you set in the Advanced Settings menu related to the password policy will be applied to the users created via API.
Changing a User’s Password
As the Superadmin, you can manually change a user’s password from the User Management page in your platform. Access your platform as the Superadmin, then scroll your mouse over the gear icon in the left sidebar. Press the Users item in the E-Learning section.
Find the user in the list of users on the bottom half of this page, click the ellipsis menu at the end of the user’s row, then select the Edit item in the dropdown menu.
In the slideout panel, type the new password into the corresponding text box, then retype it into the text field below. You need to confirm that all mandatory fields (marked with asterisks) are filled out as well. When you’re finished, press Update. The user must use the new password the next time they log into the platform.
Password Restrictions
There are a few password restriction policies that are forcibly applied across all Docebo platforms. These policies cannot be changed. Passwords cannot contain:
- Only sequences or repeated characters (12345678, 22222222, abcdefg)
- Adjacent key placement (qwerty, asdfgh)
- Common, easily-guessable password terms (password, password123, admin, administrator)
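Because the Advanced Settings policy is not applied to users created via API, an integration can check passwords against the rules this article describes before submitting them; the following Python sketch is an added example of such a check, not Docebo's code. The keyboard rows, the case-insensitive comparisons, and the function and rule names are assumptions, the common-terms set holds only the terms quoted above, and the "three consecutive letters or numbers" rule is left out because the article does not define it.

```python
# Terms quoted in the article; the platform's full list is not published there.
COMMON_TERMS = {"password", "password123", "admin", "administrator"}
# Assumed US QWERTY rows, used to spot adjacent-key passwords.
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

def _only_sequence_or_repeat(pw):
    """True if every character repeats or steps by +1/-1 (22222222, 12345678, abcdefg)."""
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return len(pw) > 1 and steps in ({0}, {1}, {-1})

def _keyboard_walk(pw):
    """True if the whole password runs along one keyboard row (qwerty, asdfgh)."""
    return len(pw) > 1 and any(pw in row or pw[::-1] in row for row in KEY_ROWS)

def check_password(pw, username, *, min_length=6, letters_and_numbers=True,
                   differ_from_username=True, dictionary=None):
    """Return the list of violated rules; an empty list means the password passes."""
    low = pw.lower()  # assumption: comparisons ignore case
    problems = []
    if len(pw) < min_length:
        problems.append("too_short")
    if letters_and_numbers and not (any(c.isalpha() for c in pw)
                                    and any(c.isdigit() for c in pw)):
        problems.append("needs_letters_and_numbers")
    if differ_from_username and low == username.lower():
        problems.append("matches_username")
    if dictionary and any(word in low for word in dictionary):
        problems.append("dictionary_word")  # optional check, caller supplies the words
    if _only_sequence_or_repeat(low):
        problems.append("sequence_or_repeat")
    if _keyboard_walk(low):
        problems.append("keyboard_walk")
    if low in COMMON_TERMS:
        problems.append("common_term")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("12345678", "qwerty", "password123", "t7Vq2mLx9c"):
        print(candidate, check_password(candidate, "jsmith42"))
```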
Best Practices
- To ensure your platform’s security, Docebo’s Support team cannot change the password of Superadmins. As a Superadmin, you can change your password like any other user, as described in the dedicated article of the Knowledge Base.
- If multiple users share the same email address, the password reset email will be sent to only one of the users associated with the email address. To avoid this, make sure not to create multiple users in your platform using the same email address.