Password reset and expiration handling
Password rules
| Rule | Detail |
|---|---|
| Password lifetime | Passwords expire 90 days after being set. |
| Expiration behavior | Login is blocked at the login step. The user must use the Forgot/Change Password flow. |
| History restriction | New passwords cannot match any of the last 5 passwords previously used. |
| Reset link expiration | Reset links are single-use. Once used, the link is invalidated. |
Note
Admins cannot bypass password expiration or set a password for a user directly. If a user cannot access their email, the Admin can delete and recreate the user account.