Configuring advanced security settings for users Updated July 04, 2025 15:55 Note: This article is no longer maintained. For updated information, please refer to the corresponding Admin App article. We recommend updating your links if you’ve linked to this article. As an admin, you can enhance security by setting password requirements and managing session durations. Define criteria for creating strong passwords and control how long users stay logged in after inactivity, ensuring both protection and convenience. Key features Define a minimum number of characters in a password Enforce whether a password must be different from a number of previous ones Specify which characters must be included in a password Configure password expiry Set a period of inactivity, after which users are logged out automatically Do this step by step Click the gear icon and select Admin Settings. Select Security from the left side menu. In the Authentication section, click Password Requirements to reveal the password policy options. See the password policy table for policy descriptions. Check the boxes next to the policies you want to enable. Then, set any additional settings if needed. Click Save when done.Passwords created or updated by users will be automatically validated against the set policies. Password policy Description Passwords must not include the company name. Always enabled. Passwords must not include the user's first name or last name Always enabled. Passwords must be at least X characters long Always enabled.Set a number of characters between 6 and 255. New passwords must be unique over the last X month(s). Enable this option to prevent users from reusing recent passwords within a specific timeframe. Select a period of time between 1 month and 6 months. New passwords must be different than the previous X passwords Enable this option to prevent users from reusing recent passwords. Select a number of previous passwords between 1 and 5. Passwords expire after X days Enable this option to encourage users to refresh their passwords. Select a period of 30, 60, or 90 days. Users will need to reset their password at the set interval by entering the old password and a new password, different from the previous one. Passwords must include: At least 1 letter At least 1 number At least 1 lower case letter At least 1 upper case letter At least 1 special character (non-alphanumeric) Enable one or more character requirements to align with your organization’s security policies and make passwords more resistant to common attacks. In the Access section, click Access Management to reveal the Session Duration options. You can select the following options to set an automatic logout timeframe for users of the mobile apps and the Web App. Default: Users will stay logged in until these session time limits: 24 hours for the Web App, 2 weeks for the Showpad Plugins and Windows Desktop App, and indefinitely for the Mobile App.On the Web App, they are automatically logged out after 24 hours of inactivity. However, if users select the Remember Me option on the login screen of the Web App, they will stay logged in for 2 weeks of inactivity. Custom: Users will be automatically logged out after the selected hours of inactivity, except for the Windows Desktop App and the Outlook or Gmail plugins, which follow the default time limits mentioned above. However, if users select the Remember Me option on the login screen of the Web App, they will stay logged in for 2 weeks of inactivity. Note: These settings also apply when using Single Sign-On (SSO) with Showpad. However, when using SSO, the Remember Me option is not available for users. Click the Save button. Related articles Guide to using SSO and Showpad Editing user details General approach for SSO and Showpad Using SCIM 2.0 via Entra ID Using OneLogin for SSO with Showpad