This article details how to ensure all users comply with a new password policy enforced from the Admin Console. By default, Appian does not invalidate existing users' passwords when the password policy is changed, and users who configured a password under the old password policy can keep their password until its expiry. If the password policy is required for compliance reasons, it may be necessary to manually invalidate all passwords to be certain that all users comply with the updated policy.
Please note that passwords used with logging in via SAML or LDAP are not affected by these steps, and will need to be manually reset from the identity provider side.
There are two ways of invalidating all existing Appian passwords.
Before proceeding, inform business users that if they are using native Appian authentication, they will receive a temporary password for a one-time login over e-mail and will need to choose a new password compliant with the new policy when they next log in to Appian.
Before proceeding, inform business users that if they are using native Appian authentication, their current password will expire in one day and they will be prompted for a new compliant password.
This article applies to all versions of Appian.
Last Reviewed: January 2018
© 2020 Appian. All rights reserved.