How to change the Sisense password policy

Comments

9 comments

  • Official comment
    Avatar
    Ahuva Hazan-Fuchs (Edited )

    This article was updated:

    1. Added explanation of how to modify the password error message 
    2. Updated that password policy change does not invalidate existing passwords, and is enforced only upon password change.

     

    Comment actions Permalink
  • Avatar
    Brian Bontrager

    Do all existing passwords need to conform to the new policy before the securityConfig is updated? 

    0
    Comment actions Permalink
  • Avatar
    Bobbie Peterson

    Ok, well the online documentation needs to be updated online.... But it doesn't update the instructions on the screen with the new rules when the user is changing their password.

    Please see the attached picture. It tells the user "Please use at least 6-characters." How do I update this???




    Sisense Password.PNG
    0
    Comment actions Permalink
  • Avatar
    Bobbie Peterson

    This article is wrong and needs to be updated. The right format for this example above is :

    {
    "passwordRegex": "^(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])(?!.*\\s).{8,20}$"

    }Also instructions on how to update the onscreen instructions for the users to know the new rules should be included.

    0
    Comment actions Permalink
  • Avatar
    Malinda Jepsen

    Does this still work in 6.4.1 and can it be used to reduce the security constraints set in the new version?  For example, we use SSO, so we send an encrypted password to Sisense and can't guarantee that it will have special characters in it.

    0
    Comment actions Permalink
  • Avatar
    Arik (Edited )

    Hi Malinda,

    Sorry for the long delay.

    If you use SSO - This post is irrelevant because the passwords are not saved within Sisense.
    The SSO handler code passes the authentication cookie directly, so the password policy is only managed by your external application.

    If this doesn't make sense - please feel free to submit us a ticket on the subject.

    Thanks!

    Arik

    0
    Comment actions Permalink
  • Avatar
    Malinda Jepsen

    Thanks Arik.  I wasn't being very clear.  When I said "send an encrypted password", I was referring to when we CREATE our users with an API call. Does the API enforce the policy or just the UI for creating/logging in users? 

    0
    Comment actions Permalink
  • Avatar
    Arik

    Hi Malinda,

    Thanks for the swift reply.
    This configuration affects the policy of all passwords created and maintained in Sisesne, UI and API alike.

    Hence, no new password will be saved or changed if it doesn't comply to the specified RegEx.

    Hope this is clearer.

    Arik

     

     

    0
    Comment actions Permalink
  • Avatar
    Malinda Jepsen

    Thanks Arik.  FYI: We were able to use a "down-graded" regular expression that accepts our encrypted passwords since all of our users are created via the API for SSO.

    0
    Comment actions Permalink

Please sign in to leave a comment.