Mendix SSO password policy creation

Hi guys, I'm trying to create some custom criteria for a password. All our production users are all working through SSO, and I'd like to be able to force them to change their passwords on entry to comply with the client's requested standards, including changing the password every 90 days. I've got a custom microflow where I'm validating the new password, but I was wondering if there's anything in the standard SSO module to help with this? Similar to user accounts within apps where you can choose that a password has to have a special character, lowercase/uppercase etc.   Thanks and have a good one!
2 answers

The point of SSO is that you no longer have to decide that. The identity service provider create the rules for when the passwords should change and the rules for those passwords not you or the Mendix application. And for Mendix SSO these rules can be set in the control center. So check with your company admins that have access to the Mendix control center.





Hey belle, how is it going over there ahah?! 

The point of SSO is that you use one account to login to multiple applications. If you change this password, this will also change for the other aopplications. Is this what they want?  If your account comes from an identity provider. Your passwordData is not stored in Mendix, or at least, we should not do anything with it. If you change the password in mendix, it is only saved in mendix. But while logging in, the password is checked against an active directiory which is not in mendix. So changing the password in mendix doesn't make any sense. 

If you want to change the password on the side of the Identity providor, you'd need API's to change the password. Or the Identity providor needs to have a userflow where you can be redirected to, sothat you can change it on their server. But i doubt this is what the customer wants. 

If they want the password to match some new requirments, they should handle that on their identityprovider side.