Status Unlikely to implement
Categories Ideas portal
Created by Jordan C M
Created on Aug 28, 2024

Automatic Password Expiration

What is the challenge?

SSO to Idea Portal via SAML meeting our internal security standards.

What is the impact?

We are a core service provider and we allow both our employees and clients to access a private idea portal. We'd like to grant our employees SSO access to Aha to simplify sign-on and user management, but some of your security rules don't meet our requirements.

Describe your idea

Enforce a configurable password expiration timeline so that clients could enable a setting for all their users. Example - All user passwords should expire every 90 days.

  • ADMIN RESPONSE
    Aug 30, 2024

    Thank you for the idea. We recommend using SSO to meet this need and are unlikely to implement this idea in the near future.

    When you implement SAML 2.0 SSO for your Aha! and ideas portal users, your identity provider enforces all login requirements and validates any passwords. Aha! passwords are not used in SAML 2.0 SSO logins and Aha! password expiration does not apply to or impact your user accounts. Using SAML 2.0 SSO for all users ensures that the user passwords meet the requirements of your identity provider (including password rotation if configured) prior to SSO login.


    In accordance with NIST 800-63-3 recommendations, Aha! does not implement forced password rotations and instead we implement multi-factor authentication for our own users. Aha! supports optional Duo multi-factor authentication for your Aha! users and also supports SAML 2.0 SSO both for Aha! users and portal users which allows you to enforce your own password and security requirements.
