Understanding password policies

Password policies are used to set rules and requirements for usage in SCM. There are currently two kinds of password policies:

  • Administrator policies — Administrator password policies apply to the passwords used by administrators for login. They apply to standard and API administrators and only one of each type can exist. Once created, the policy enforces password rules for all administrator profiles of that type.

    A Default password policy always exists. This policy can be modified as needed and is overridden by MRAO and RAO/DRAO password policies.
  • Organizational policies — Organizational password polices can be created and delegated to specific organizations and departments as required. These password policies are applied to specific passwords related to certificates and enrollment, such as the passwords used with PKCS#12 files.

Password policies can be managed on the Settings  Password Policies page.

Password Policies page

The following table describes the settings and controls of the Password Policies page.

Column Description


The name of the password policy.


The type of the password policy:

  • Default — The default password policy created by Sectigo that applies to all administrator profiles when no other password policy exists.

  • MRAO Admins — The password policy applicable to all MRAO administrator profiles.

  • RAO/DRAO Admins — The password policy applicable to all RAO/DRAO administrator profiles.

  • Organization assignment — Password policies delegated to organizations and departments for certificate and endpoint related passwords.

Table controls


Enables you to sort the table information using custom filters.


Refreshes the information presented in the table.

Manage Columns

Enables you to select which table columns to display.

Admin controls


Opens the Add Password Policy dialog where you can add a new password policy.


Removes the selected password policy.


Opens the Edit Password Policy dialog where you can manage an existing password’s policies.


Opens the Delegate Password Policy dialog where you can specify which organizations and departments inherit the password policy.