User Account Policy

The user account policy window is where you can set rules for user accounts using MSL login credentials. These settings don't affect accounts linked to Single Sign-On (SSO) login. You can set up password security rules like minimum password length, maximum password age, and lockout for repeated incorrect login attempts.


You can access this feature from your MSL Admin site. Only Super Admins with Membership Admins or Site Admins permissions can access the User Account Policy window, but only MSL has the permissions to update these settings.

For further information, see People Overview.

User Account Policy Fields

This table lists and explains the User Account Policy fields.

Field NameDefinition
Min Username LengthThis is the shortest permissible length for a username.
There is a default minimum username length of 6 characters.
Min Password LengthThis is the minimum number of characters required for a password.
There is a default minimum password length of 6 characters.
Lockout Threshold (Attempts)This is the number of unsuccessful login attempts allowed before an account is locked.
There is a default lockout threshold of 5 attempts.
Lockout Duration (Minutes)This is the period of time an account remains locked after reaching the lockout threshold, specified in minutes.
There is a default lockout duration of 20 minutes.

To learn how a super admin can unlock an account, see How to Unlock a Person's Website Account.

Max Password Age (Days)This is the maximum duration in days for which a password remains valid before it must be changed. When reached, the user is forced to change their password on login.
By default, this is set to 0, indicating no maximum password age applies.
Max Account Age (Days)The maximum lifespan of a user account in days, after which the user must re-register.
By default, this is set to 0, indicating no maximum account age applies.
Default Username OptionThis is the predefined method or criteria used to generate a username when an account is created by a super admin.
The options are:
  • University ID
  • Email Address Prefix
  • Email Address
  • University User ID
By default, this is set to Email Address.

For further information, see How to Update the User Account Policy.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.