The Legistar Password Policy is a setting that Granicus can enable for your Legistar database, which increases security by implementing complexity requirements and expiration for user passwords, and increases usability by enabling users to reset their own passwords from the Legistar login screen.
Prior to the Legistar Password Policy being implemented, Legistar passwords for all databases were only required to have 4-12 characters of any type, and did not expire. These parameters are still in effect for any databases that do not have the Legistar Password Policy enabled.
Requirements for passwords
When the Legistar Password Policy is enabled, user passwords are required to meet the following criteria:
- At least 12 characters long
- At least 1 lowercase letter
- At least 1 uppercase letter
- At least 1 number
- At least 1 special character. Permitted special characters are as follows: !#$%&'()*+,-./:;<=>?@[]^_`{|}~
Enabling the Legistar Password Policy
Legistar users need to receive an email from Legistar in order to reset their passwords. For this reason,
it is strongly recommended that Legistar administrators check the People records for all Legistar users to ensure that their email addresses are accurate and up-to-date before enabling the Legistar Password Policy. It is also recommended to check that your email service has legistar@granicus.com listed in its safe list.Once these items are checked,
open a Support case to request that Password Policy be enabled for your database.
Password expiration and reset reminders
Once Password Policy is enabled, two new settings are available in
System Settings, under
GENERAL.
Password Expiration in Days sets the number of days that users can keep a password before it expires. By default, this field is set to 180, but you can set it to any whole number up to 6 digits. For this setting, "days" includes weekends.
Password Reset Reminders in Days sets the number of days before a password expires that the user begins to receive reminders to reset their password. By default, this field is set to 7, but you can set it to any whole number up to 6 digits. If you don't want your users to receive reminders, you can set the field to 0. For this setting, "days" includes weekends.
During the reset reminder period, users receive one reminder email per day, and a reminder also displays in the Legistar UI, as shown below.
Are users allowed to keep their existing passwords?
After Password Policy is enabled, users can only keep their existing passwords if those passwords are compliant (i.e. meet all requirements listed in the
Requirements for passwords section above) and have not existed for longer than the password expiration period. Users whose existing passwords are not compliant or have been kept longer than the password expiration period will be prompted to reset their passwords the next time they log in to Legistar.
What if our users aren't receiving their reset emails?
As part of the password reset process, Legistar users need to receive an email from Legistar with a reset code. If a user doesn't receive this email, first check the user's People record in Legistar Administration. Legistar sends the reset email to the email address recorded in the field
Email 1; if the email address in this field is incorrect, or if the user's email address is recorded in a different field, then the reset email does not deliver successfully.
The reset emails are sent from the email address legistar@granicus.com. Make sure that this email address is on your safe list, and that the emails are not being sent to your spam folders.
If you have checked your user's email address and your email safe list and the user is still not receiving reset emails, reach out to Granicus Customer Support for assistance. In the meantime, as a Legistar administrator, you can still change users' passwords on their behalf, which does not require an email to be sent. For more information on how to reset a user's password as an administrator, see
Viewing and Creating User Accounts.
