Managing User Passwords

Password Requirements for User Authentication

The Secret Server password policy for your user accounts is determined either through Active Directory or through Local User Passwords settings. To configure settings for Local User Passwords, navigate to Admin ZZ_BAR_ZZ Configuration ZZ_BAR_ZZ Local User Password tab and click Edit.

To meet Common Criteria Compliance regulations, passwords must be a minimum of 16 characters and include any subset of the following requirements (as demonstrated below):

  • Upper case letters

  • Lower case letters

  • Numbers

  • These Special Characters: ! @ # $ % ^ & * ( )

Edit Configuration

Passwords in Secret Server are randomly generated according to admin-defined password complexity policies. By default the generator requires at least one upper case letter, one lower case letter, one number, and one symbol. The number of each type of character can be modified, and custom character sets can be created and used in password policies.

Create New Password

Resetting User Authentication

To reset an Active Directory user account password, you must go through Active Directory.

To reset a Local User Password, follow these steps:

  1. Navigate to Admin | Users.
  2. Select the user who needs a reset.
  3. Select Edit.
  4. Type a new password twice. This is a temporary password that you must provide to the user. Immediately after the user logs into Secret Server they will be prompted to change their password.

If you are locked out of the Secret Server Local administrator account and you cannot request a reset through a linked administrator email account, contact the Delinea Support Team to request a password reset, and have your organization’s security pin code at hand.

Setting Local User Password History Requirements

Ensure that local users cannot re-use old passwords to an administrator-settable number of past passwords used by that user.

  1. Navigate to Admin ZZ_BAR_ZZ Configuration ZZ_BAR_ZZ Local User Passwords
  2. Click Edit.
  3. Check the toggle box next to Enable Local User Password History.
  4. Set the number of historic passwords you would like to block for Secret Server Users.
  5. Click the toggle next to All to block users from ever re-using any previous password.
  6. Click Save to save changes.

Edit Configuration Local User Passwords