How to configure Password Policy in Service Desk

Dec 28, 2023

117

Password policy lets you define the criteria that needs to be followed when agents set their Service Desk account password.

Required Permission

Manage Security Settings

Agents with this permission will be able to access the Security module under Service Desk > Manage > General Settings section.
This is a Account Level Permission.

Adding Password Policy to your account

Follow the steps explained below to configure and enforce password policy for all users,

1. Navigate to Main Menu > Manage > General Settings > Security > Password Policy

2. You can now configure the policy you need based on your requirements.

3. The following settings can be configured for the password policy

Setting(s)	Description
Minimum Password Length	The number of characters the password should possess. You can choose between 8 - 20 characters maximum for the password length
Required Character Types	Select the Character types that should be allowed or mandated when creating the password Lowercase Uppercase Number Special Characters
Disallow username in password	You can restrict the agent from using the username as their account password thereby forcing them to set up a unique password.
Password expiry (days)	You can set the days after which the password will expire. This will force the agents to reset their password after the specified days.
Number of previous passwords that cannot be reused	You can restrict the agents from not using the previous old passwords when they set or reset their password.

Enabling Password Policy

Once you have configured the required password policy you can then click on the Enable Password Policy Toggle and Click on Save.
You will be prompted to choose the day/date from when the password policy should be imposed to all accounts.
Choose tomorrow or a later date and save your settings.
Once enabled password policy will be active for all new Agents Account Signups, Password Resets etc.

Password policy assistance for the user

When an agent or an admin tries to change their password, the password policy will be displayed for their assistance.
This will also be displayed when an admin resets a password manually for a different agent or admin from the Manage > Agents > Agent Details page > Reset Password screen.

Default Password Policy in Service Desk

A robust password policy is crucial aspect for the security of a Service Desk. By default, Service Desk will enforce all its users i.e. Admins, Agents and Requesters to adhere to the default minimum password requirements. All new Service Desk account passwords will be imposed to the default password policy.

Default Minimum Password Requirements

Minimum of 8 characters
At least one lowercase letter [a-z]
At least one uppercase letter [A-Z]
At least one number [0-9]
At least one special character [!"#$%&\'()*+,-./:;<=>?@\\^`{|}~]
During password reset, the new password cannot be the same as the previous password

These requirements will not be applicable when a custom Password Policy is configured by an admin.

Impact for New Admins, Agents and Requesters

When new Admins, Agents and Requesters sign up to an account they will be enforced to set a password that satisfies the password policy requirements setup by the admin.

Impact for Existing Admins, Agents and Requesters

When existing Admins, Agents and Requesters (with weaker passwords) logout and re-login to Service Desk, they will be enforced to set a new password that adheres to the password policy requirements setup by the admin.