Delinea Documentation - Secret Server - current

Template Password Requirements

Note: Please click the table of contents on the left to see any sub-pages to this one. Click the table of contents on the right to see headings on this page.


A password requirement is a stored Secret Server object that defines the requirements on a password text-entry field to validate user-entered passwords or make auto-generated passwords conform to set specifications. You can have multiple password requirements, but only one can be set to the default.

A password requirement is made up of a minimum and maximum length, a set of characters, and optional rules such as "At least three upper-case characters" or "The first character must be lower-case". The default password requirement is 12 characters from the default character set with at least one upper-case, lower-case, numeric, and symbol character.

Creating a Custom Password Requirement

To create a new password requirement:

  1. Go to Admin > Secret Templates. The Manage Secret Templates page appears.

  2. Click the Password Requirements tab.

  3. Click the Create button. A popup appears.

  4. Type the name of the new password requirement in the Name text box.

  5. (Optional) Type a description of the new password requirement in the Description text box.

  6. Click the Minimum Password Length spinner to select or type a minimum allowed password length.

  7. Click the Character Set dropdown list to select a character set for the password. The out-of-the-box default is abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*().

  8. If you want the password requirement to become the new default, click to select the Is Default check box.

  9. Click to select the desired password no-no check boxes. The options are:

  10. Click the Save button. The popup closes and the page for the new requirement appears (containing the choices you just made for the details and generation sections):

  11. Scroll down to the Password Validation section.

  12. Click the Edit button. The section expands.

  13. Most of the validation rules are ones you have already set with these two exceptions, which you can now set:

  14. Go to the Starting and Ending Character Validation section.

  15. Click the Edit button.

  16. To require specific starting characters, click to select the Require Specific Starting Characters check box. Two hidden controls appear. This allows you to make rules such as "password must start with three symbols and end with two lowercase letters."

    Note: "Start and end with" rules can decrease the password entropy (resistance to brute force attacks).

  17. Type or click the spinner to set the number of required starting characters.

  18. Click the characters from dropdown list to select the character set to draw the characters from.

  19. Repeat the procedure for any desired ending characters.

  20. Click the Save button. An edit button now appears for the Character Count Validation section.

  21. To set character count validation rules:

    1. Click the Edit button for the Character Count Validation section. The section expands.

    2. Click the Add Rule button and select the rule type, either Minimum Required Characters Rule or Maximum Consecutive Characters Rule. A character count validation rule appears.

    3. For the first rule type, type the number of characters and select what character set they must come from, for example, "Minimum 5 characters from Upper Case (A-Z)."

    4. For the second rule, type the number of characters and select what character set they must come from, for example, "Maximum 5 characters from Lower Case (a-z)."

    5. Once you create more than one rule, the Minimum Required Character Count Rules dropdown list appears. This allows you to set whether you want a minimum number of rules enforced from those you created or all of them.

    6. Create as many additional character count validation rules as you desire by clicking the Add Rule button and repeating the procedure.

    7. Click the Save button.

  22. Review the Password Rule Strength section to see how strong your choices are and any recommendations for improvement. The two tests are:

Note: The explicit character rules cannot conflict with the implicit ones you created earlier or you will get an error when saving. For that reason, we suggest leaving the password requirements character set set to the default. Carefully consider any other conflicts if you get an error.

Note: To set a custom password requirement for a specific secret, use the "Customize Password Requirement" in the Security tab of a secret.

Note: You can enable or disable the validation of manually entered passwords at the secret template level via the "Validate Password Requirements on Create" and "Validate Password Requirements on Edit" settings.

Note: The "What Secrets Do Not Meet Password Requirements" report shows secrets containing a password that does not meet the password requirements set for its secret template.

Note: Password requirements cannot include rules with overlapping character sets. For example, if an attempt is made to add both a "Minimum of 1 upper-case" rule and a "Minimum of 3 Default" rule to a new password requirement, an error displays.