Forcing users to change their passwords

With the Enforce Policy and Restrictions check box in the User Password Management Configuration form, you can force all users to change their passwords according to the policy you set up.

To force all users to change their passwords

1. From the Remedy AR System Administration Console, select System > General > Password Management Configuration.
   
   The maximum limit for the following fields is 24855 days:
   
   • Number of Days Before Expiration
   • Number of Warning Days
   • Days After Expiration Until disablement
2. In the User Password Management Configuration form, select the Enforce Policy and Restrictions check box if it is not already selected.
3. Complete the fields in the Enforcement Policy and Restrictions sections. For more information about these fields, see: 
   • Enforcing-restrictions-on-passwords
   • Setting-up-password-expiration-with-scheduled-warnings 
4. Click Save.
   All users are forced to change their passwords at their scheduled expiration date. When users change their passwords, they must enter the old password once and the new password twice.

To force new users to change their passwords

1. From the Remedy AR System Administration Console, select System > General > Password Management Configuration.
2. In the User Password Management Configuration form, select the New User Must Change Password check box.
3. Click Save. Now, when you create a user, the user is prompted to change the password the first time the user logs in.

To force individual users to change their passwords

1. From the Remedy AR System Administration Console, select System > Application > Users / Groups / Roles > User.

   The User form opens in Search mode.
   

2. Search the appropriate user.
3. Modify the Password Management fields for the user, as needed. For more information about the User form, see Creating-and-modifying-users.
4. Select the Force Password Change on Login check box.

5. Click Save.

   Changes in the User form take precedence over the configuration settings in the User Password Management Configuration form. If you change the User form and you want the user to use the global password management policy (as configured in the User Password Management Configuration form. If you change the policy User Password Management Configuration form, changes in the User form are overwritten.

Scenarios to use the Password Change form to update the  password

When you access BMC Helix Innovation Suite through clients, such as Developer Studio , Mid Tier , or Smart IT , use the User Password Change form through Mid Tier  to change the password if the following conditions are true:

• You use BMC Helix Innovation Suite with AR System authentication instead of the BMC Helix Single Sign-On authentication, and
• You log in for the first time to BMC Helix Innovation Suite  , or when you login after your password expires.