Newer Version Available
Set Password Policies
Improve your Salesforce org security with password protection. You can set password
history, length, and complexity requirements. You can also specify what to do when a user
forgets the password.
| Available in: both Salesforce Classic (not available in all orgs) and Lightning Experience |
| Available in: Contact Manager, Essentials, Group, Professional, Enterprise, Performance, Unlimited, Developer, and Database.com Editions |
| User Permissions Needed | |
|---|---|
| To set password policies: | Manage Password Policies |
You can set different password and login policies based on the type of user.
- From Setup, enter Password Policies in the Quick Find box, then select Password Policies.
- Customize the password settings.
- Customize the forgotten password and locked account assistance
information.
Field Description Message If set, the message you enter appears in the “We can’t reset your password” email. Users receive this email when they lock themselves out by trying to reset their password too many times. The text also appears at the bottom of the Answer Your Security Question page when users reset their passwords. You can add the name of your internal help desk or a system administrator to the default text. The message appears only for accounts that need an administrator to reset the password. Lockouts due to time restrictions get a different system email message.
Help link If set, this link displays along with the text defined in the Message field. In the “We can’t reset your password” email, the URL displays exactly as typed in the Help link field, so the user can see where the link goes. This URL display format is for security because the user is not within a Salesforce org. On the Answer Your Security Question page, the Help link URL combines with the text in the Message field and forms a clickable link. Security isn’t an issue because the user is in a Salesforce org when changing passwords.
Valid protocols are:- http
- https
- mailto
- Specify an alternative home page for users with the API Only User permission. After completing user management tasks such as resetting a password, API-only users are redirected to the specified URL rather than to the login page.
- Click Save.