Category: security (-> must have)

I want to suggest implementing the feature: password expiration.
It would greatly improve security if passwords had to be changed from time to time (and if passwords had to be of a certain complexity).

Idea:
- the system stores a date for every user: it holds the validity date of the password.
- after password expires:
  - user will be inactivated
  - password needs to be changed at logon (+ reactivation)
- default expiration period (in days) can be set by admin

Comments

  • Thank you for the suggestion. We will consider it once we receive more support from our customer base.

    Some clarifying questions:
    Are you asking if this change is intended only for internal Release users? External users are managed through OIDC/LDAP providers.
    What would be the default password expiration value for users in your use case?

  • We encourage the use of external identity providers for creating and managing users (LDAP/OIDC by connecting from Digital.ai Platform). These providers offer robust security policies for product logins. While we understand the need for internal user management, our current development roadmap prioritizes other features. Therefore, we are unlikely to implement more complex internal mechanisms for password management within the application at this time.