Forcing users to change their passwords

With the Enforce Policy and Restrictions check box in the User Password Management Configuration form, you can force all users to change their passwords according to the policy you set up.

The maximum limit for the following fields is 24855 days

To force all users to change their passwords

1. From the AR System Administration Console, select System > General > Password Management Configuration.
2. On the User Password Management Configuration form, select the Enforce Policy and Restrictions check box if it is not already selected.
3. The maximum limit for the following fields is 24855 days:
   
   • Number of Days Before Expiration
   • Number of Warning Days
   • Days After Expiration Until disablement
     
4. Enter the information in the Enforcement Policy and Restrictions sections.
   The maximum limit for the following fields is 24855 days:

1. • Number of Days Before Expiration
   • Number of Warning Days
   • Days After Expiration Until disablement
2. Click Save.
   All users are forced to change their passwords at their scheduled expiration date. When users change their passwords, they must enter the old password once and the new password twice.

For more information about the fields in Enforcement Policy section, see:

1. 
   
   • Enforcing-restrictions-on-passwords
   • Setting-up-password-expiration-with-scheduled-warnings  

To force new users to change their passwords

1. From the AR System Administration Console, select System > General > Password Management Configuration.
2. In the User Password Management Configuration form, select the New User Must Change Password check box.
3. Click Save.
   When you create a user, the user is prompted to change the password the first time the user logs in.

To force individual users to change their passwords

1. From the AR System Administration Console, select System > Application > Users / Groups / Roles > User.

   The User form opens in Search mode.
   

2. Search for the appropriate user.
3. Modify the Password Management fields for the user, as needed. For more information about the User form, see Creating-and-modifying-users.
4. Select the Force Password Change on Login check box.

5. Click Save.

   Changes in the User form take precedence over the configuration settings in the User Password Management Configuration form.
   If you change the policy on the User Password Management Configuration form, changes on the User form can be overwritten.

Scenarios to use the Password Change form to update the BMC Helix Innovation Suite password

When you access BMC Helix Innovation Suite   through clients, such as Developer Studio, Mid Tier , or Smart IT, use the   User Password Change  form through Mid Tier to change the password if the following conditions are true:

• You use BMC Helix Innovation Suite   with AR System authentication instead of the BMC Helix Single Sign-On   authentication.
• You log in for the first time to BMC Helix Innovation Suite , or when you log in after your password expires.