Password expiration

By default, passwords to Jive communities do not expire. Enabling and configuring password the password expiration feature you can enforce password updates for your community.

You can define the minimum and maximum lifetime for each password and when the notifications about password expiration should be sent to users.

Note: This feature does not affect users who use federated or SSO login.

For detailed procedures for password expiration configuration, see Configuring password expiration.

Password expiration settings

For the password expiration feature, you can determine the following settings:

  • Enable or disable the feature.
  • Set the number of days after a password must be changed. By default, the maximum password lifetime is 60 days.
  • Set the number of days after a successful password update during which the password cannot be changed again. By default, the minimum password lifetime is 1 day.
  • Set the number of days before the expiration date when notifications are sent. By default, the first notification is sent a week before the password expiration.

For the corresponding system properties, see System properties reference.

Notifications about password expiration

The notifications emails sent to users are based on the message templates.

  • The Password Expiration template is used to apprise users about the coming password expiration.
  • The Password Expired template is used to apprise users about already expired passwords.
  • The Password Reset templates are used when changing the passwords.

For more information about templates and their configuration, see Editing email notification templates.

Password expiration for a user

Notifications about password expiration are sent to the user Inbox and on the email depending on the user preferences setup. Notifications are sent every day after the configured date until the password is updated or expires. Each notification contains instructions for updating the password.

Figure: Password expiration notification in Inbox


Password expiration notification in Inbox

After the password expires, the user will not be able to log in without updating the password, regardless of the Keep me signed in option. An appropriate message is displayed on the login page:

Figure: Login page after user password expired


Login page after user password expired

Additionally, a notification about an expired password is sent to the user email.

And if a user tries to update a password within the period when the password cannot be changed, they will get the following message:


Notification about too quick update

Logging password expiration

Password expirations are not explicitly logged. But a password expiration revokes all user sessions and such events are logged, for example: 

2019-01-02 11:08:37,956/PST - [INFO] - ALL SESSIONS REVOKED for User: 'user@test.com' - [SYSTEM] -