Set password policies and session duration Updated January 10, 2025 23:24 Note: This article is about the new beta Admin App, which is still in development. Changes may occur. Please provide feedback directly in the beta app. As an admin, you can enhance security by setting password requirements and managing session durations. Define criteria for creating strong passwords and control how long users stay logged in after inactivity, ensuring both protection and convenience. See how it looks Key features Define a minimum number of characters in a password Enforce whether a password must be different from a number of previous ones Specify which characters must be included in a password Configure password expiry Set a period of inactivity, after which users are logged out automatically You need this to succeed The beta Admin App enabled Feature availability depends on your subscription package Admin permissions Do this step by step Log in to the Admin App and click the gear icon to open Settings. Select Security from the left side menu. In the Authentication section, click Password Requirements to reveal the password policy options. See the password policy table for policy descriptions. Check the boxes next to the policies you want to enable. Then, set any additional settings if needed. Click Save when done.Passwords created or updated by users will be automatically validated against the set policies. Password policy Description Passwords must not include the company name. Always enabled. Passwords must not include the user's first name or last name Always enabled. Passwords must be at least X characters long Always enabled.Set a number of characters between 6 and 255. New passwords must be unique over the last X month(s). Enable this option to prevent users from reusing recent passwords within a specific timeframe. Select a period of time between 1 month and 6 months. New passwords must be different than the previous X passwords Enable this option to prevent users from reusing recent passwords. Select a number of previous passwords between 1 and 5. Passwords expire after X days Enable this option to encourage users to refresh their passwords. Select a period of 30, 60, or 90 days. Users will need to reset their password at the set interval by entering the old password and a new password, different from the previous one. Passwords must include: At least 1 letter At least 1 number At least 1 lower case letter At least 1 upper case letter At least 1 special character (non-alphanumeric) Enable one or more character requirements to align with your organization’s security policies and make passwords more resistant to common attacks. In the Access section, click Access Management to reveal the Session Duration options. You can select the following options to set an automatic logout timeframe for users of the mobile apps and the Web App. Default: Users will stay logged in until these session time limits: 24 hours for the Web App, 2 weeks for the Showpad Plugins and Windows Desktop App, and indefinitely for the Mobile App.On the Web App, users are automatically logged out after 24 hours of inactivity. However, if they select the Remember Me option on the login screen of the Web App, they will stay logged in for 2 weeks of inactivity. Custom: Users will be automatically logged out after the selected hours of inactivity, except for the Windows Desktop App and the Outlook or Gmail plugins, which follow the default time limits mentioned above. However, if users select the Remember Me option on the login screen of the Web App, they will stay logged in for 2 weeks of inactivity. Click Save. Note: These settings also apply when using Single Sign-On (SSO) with Showpad. However, the Remember Me option is unavailable for users when using SSO. Learn how this feature works in the current Online Platform. Related articles Export a list of files Okta user provisioning with SCIM Configuring advanced security settings for users Record and submit PitchIQs Edit published Courses with the Course Builder