Manage Local Authentication Policy

An Identity Provider (IdP) stores and manages users' digital identities. An IdP may check user identities via username-password combinations and other factors, or it may simply provide a list of user identities that another service provider (like an SSO) checks.

An IdP can authenticate any entity connected to a network or a system, including computers and other devices.

Lighthouse Administrators can set Password Policies to ensure that users set secure passwords.

Note: All password fields in Lighthouse are write-only. They accept data from the clipboard or pasteboard but do not pass data out.

Set the Password Policy

  1. In the Settings Pane, select USERS & ACCOUNTS > Local Authentication Policy.
    The LOCAL AUTHENTICATION POLICY page displays with the PASSWORD POLICY tab selected.

  2. Select Enabled to enable the password policy.

  3. Modify the PASSWORD REQUIREMENTS. Select the check boxes to enable one or more of the following options:

    • Minimum password length. Enter a value from 1 to 128.

    • Require at least one capital letter.

    • Require at least one number.

    • Require at least one symbol.

    • Disallow username in password.

    • Prevent password reuse. Select Always or Days and set the number of days between reuse.

    • Set password expiry. Set the number of days until passwords expire. At next login, the user must reset the password.

  4. Click Apply.
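The following is an added example, not Lighthouse code: a stand-alone Python check that mirrors the PASSWORD REQUIREMENTS options so candidate passwords can be tested against a planned policy before it is enabled. Assumptions: the field and function names are illustrative, "symbol" means ASCII punctuation, the username match is case-insensitive, and "Days" means a password cannot be reused until that many days have passed since it was set.

```python
import hashlib, hmac, os, string
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class PasswordPolicy:  # illustrative field names, not Lighthouse identifiers
    min_length: int = 12             # the page allows a value from 1 to 128
    require_capital: bool = True
    require_number: bool = True
    require_symbol: bool = True
    disallow_username: bool = True
    reuse_days: Optional[int] = 0    # None = off, 0 = "Always", N = "Days"

def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(password: str, when: datetime):
    """Build a history entry (salt, digest, time set); no plaintext is kept."""
    salt = os.urandom(16)
    return (salt, _digest(password, salt), when)

def violations(policy, username, password, history, now):
    """Return the list of requirements the candidate password fails."""
    if not 1 <= policy.min_length <= 128:
        raise ValueError("minimum password length must be 1 to 128")
    out = []
    if len(password) < policy.min_length:
        out.append("too short")
    if policy.require_capital and not any(c.isupper() for c in password):
        out.append("no capital letter")
    if policy.require_number and not any(c.isdigit() for c in password):
        out.append("no number")
    # Assumption: a "symbol" is any ASCII punctuation character.
    if policy.require_symbol and not any(c in string.punctuation for c in password):
        out.append("no symbol")
    # Assumption: the username check ignores case; an empty username is skipped.
    if policy.disallow_username and username and username.lower() in password.lower():
        out.append("contains username")
    if policy.reuse_days is not None:
        for salt, digest, when in history:
            in_window = (policy.reuse_days == 0
                         or now - when < timedelta(days=policy.reuse_days))
            # Re-derive with the stored salt and compare in constant time.
            if in_window and hmac.compare_digest(digest, _digest(password, salt)):
                out.append("reused password")
                break
    return out
```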

Set the Login Restrictions

Login restrictions can be applied by administrator users to prevent unauthorized login attempts via the UI and REST API.

Caution: Enabling login restrictions can cause the system to be inaccessible in an emergency.

  1. In the Settings Pane, select USERS & ACCOUNTS > Local Authentication Policy.
    The LOCAL AUTHENTICATION POLICY page displays with the PASSWORD POLICY tab selected.

  2. Select the LOGIN RESTRICTIONS tab.

  3. Select Enabled to enable the login restriction policy.

  4. Enter a value for Maximum attempts to set the number of times a user can enter an incorrect password before being locked out.

  5. Enter a value for Lockout period to set the number of minutes until a user can try to log in again after reaching the maximum number of incorrect login attempts.

  6. Click Apply.