Local IDP Password Policy

Safous ZTA provides its own internal IDP referred to herein as the "local IDP". Some use cases for using the local IDP include: 

a. If you want to deploy a completely private, closed on-prem system with completely private, offline local users.

b. If you want to increase your compliance, you can use the local IDP so that your identity provider and your MFA and SSO providers remain separate. In this way, you maximize your ability to view security breaches.  

c. If you are a small business and do not wish to purchase licenses from an outside IDP provider, you can use the local IDP as part of the platform.  

d. If you have many third-party users and you want to manage their information on a separate IDP, disconnected from your organization’s IDP, so that they do not access your entire infrastructure.

e. If you wish to use Safous ZTA as a proof of concept before scaling to a larger environment.

f. If you have assets with unchangeable usernames and passwords, or assets with a one-to-many use case, the local IDP can function as a seamless space for password and credential rotations.  

Administrator Configurations

If you are using the local IDP, the Administrator can modify the password policies to adhere to various market standards. In the Admin Portal, under Settings > ZTNA > Configurations > Password Policy, the Administrator starts by configuring these fields:

  • Expiration (days): Sets the expiration policy, i.e., after how many days a password expires (0 = never expires, up to a maximum of 999 days). The default is 90 days, but as noted, it can be configured.
  • Minimum password length: Defaults to a minimum of 8 characters.
  • Number of previous passwords that cannot be reused: The Admin can select the number of previous passwords that cannot be reused. The value 0 means no restrictions (never expires). All other numbers are the iteration availability.
  • Character complexity: Password complexity, where the Admin can define the number of rules that apply to the password policy. The default is 3 out of 4 password rules.
  • Prohibit common dictionary words: Enabled by default (check box). The most common dictionary words are stored on the App Gateway and will be updated.
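To make the semantics of these fields concrete, the following added example (not Safous code) models how a policy with the defaults above would evaluate a candidate password. It assumes the four complexity rules are lowercase, uppercase, digit and symbol, that the dictionary check is a case-insensitive substring match, and that password history is kept as salted PBKDF2 hashes; `COMMON_WORDS` is a constructed stand-in for the list held on the App Gateway.

```python
import hashlib, hmac, os
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class PasswordPolicy:
    expiration_days: int = 90      # page default; 0 = never expires, max 999
    min_length: int = 8            # page default
    history_count: int = 0         # 0 = no reuse restriction
    required_classes: int = 3      # page default: 3 out of 4 rules
    block_dictionary: bool = True  # page default: enabled

COMMON_WORDS = {"password", "welcome", "qwerty"}  # constructed sample list

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password):
    """Store a used password as (salt, digest), never as plaintext."""
    salt = os.urandom(16)
    return salt, _hash(password, salt)

def violations(policy, password, history):
    """Return the rules a candidate breaks; history is newest-first."""
    problems = []
    if len(password) < policy.min_length:
        problems.append("too short")
    # Assumed rule set: lowercase, uppercase, digit, symbol.
    classes = sum(any(test(c) for c in password) for test in (
        str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()))
    if classes < policy.required_classes:
        problems.append("not complex enough")
    if policy.block_dictionary and any(w in password.lower() for w in COMMON_WORDS):
        problems.append("contains common word")
    # Only the newest history_count records are checked; 0 checks none.
    for salt, digest in history[:policy.history_count]:
        if hmac.compare_digest(_hash(password, salt), digest):
            problems.append("reused")
            break
    return problems

def is_expired(policy, last_changed, today):
    """0 disables expiry; otherwise expire once the configured days have passed."""
    if policy.expiration_days == 0:
        return False
    return today >= last_changed + timedelta(days=policy.expiration_days)
```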

     

Once you have modified the policy, click the orange Save button to apply it.