KB-1463 How to reset all passwords after updating Appian's password policy

Purpose

This article details how to ensure all users comply with a new password policy enforced from the Admin Console. By default, Appian does not invalidate existing users' passwords when the password policy is changed, and users who configured a password under the old password policy can keep their password until its expiry. If the password policy is required for compliance reasons, it may be necessary to manually invalidate all passwords to be certain that all users comply with the updated policy.

Please note that passwords used with logging in via SAML or LDAP are not affected by these steps, and will need to be manually reset from the identity provider side.

Instructions

There are two ways of invalidating all existing Appian passwords. 

Manually reset all passwords

Before proceeding, inform business users that if they are using native Appian authentication, they will receive a temporary password for a one-time login over e-mail and will need to choose a new password compliant with the new policy when they next log in to Appian.

1. In the Admin Console, make the changes to password policy that you wish to implement.
2. Open the "Users" tab and select "Active" users.
3. Use the top left checkbox to select 100 users at a time.
4. Select "Reset Password".
5. Repeat steps 3 through 4 for each page of 100.

Expire all passwords in one day

Before proceeding, inform business users that if they are using native Appian authentication, their current password will expire in one day and they will be prompted for a new compliant password.

1. In the Admin Console, make the required changes to password policy, and regardless of the intended expiry, enable "Expire Passwords" and set "Maximum Password Age" to 1 day.
2. Wait until all passwords would have expired.
3. Change the password expiry settings to the intended settings.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: January 2018