Understanding password policies

Password policies are used to set rules and requirements for usage in SCM. There are currently two kinds of password policies:

  • Administrator policies — Administrator password policies apply to the passwords used by administrators for login. They apply to standard and API administrators and only one of each type can exist. Once created, the policy enforces password rules for all administrator profiles of that type.

    A Default password policy always exists. This policy can be modified as needed and is overridden by MRAO and RAO/DRAO password policies.
  • Organizational policies — Organizational password polices can be created and delegated to specific organizations and departments as required. These password policies are applied to specific passwords related to certificates and enrollment, such as the passwords used with PKCS#12 files.

Password policies can be managed on the Settings  Password Policies page.

Password Policies page

The following table describes the settings and controls of the Password Policies page.

Column Description

Name

The name of the password policy

Type

The type of the password policy:

  • Default — The default password policy created by Sectigo that applies to all administrator profiles when no other password policy exists

  • MRAO Admins — The password policy applicable to all MRAO administrator profiles

  • RAO/DRAO Admins — The password policy applicable to all RAO/DRAO administrator profiles

  • Organization assignment — Password policies delegated to organizations and departments for certificate and endpoint related passwords

Table Controls

Refresh

Refreshes the information presented in the table

Password policy controls

Add

Opens the Add Password Policy dialog where you can add a new password policy

Delete

Removes the selected password policy

Edit

Opens the Edit Password Policy dialog where you can manage an existing password’s policies

Delegate

Opens the Delegate Password Policy dialog where you can specify which organizations and departments inherit the password policy