You can create a custom password policy for the users in your organization by changing one of the following default settings. The custom password policy applies when:

  • The user sets a password for the first time as a new user.

  • The users reset their password or their password expires.

This option applies to your organization only if you are using Webex as your Identity Provider. If you synchronize the users from Active Directory, see https://www.cisco.com/go/hybrid-services-directory. If you configure SSO with a third party Identity Provider, see Single sign-on integration in Control Hub.

You can use the Smart Lockout and Password Policy options explained in the next section to manage the passwords of your organization.

Password management options

Smart lockout

This option progressively increases the time that a user retries the password after several subsequent wrong entries. The users can continue to access their accounts without the need to contact the administrator to 'unlock' the account. Smart Lockout is on by default and starts working after 5 failed authentication attempts.

Password policy

You can use this option to ensure that all new and changed user passwords comply with the password criteria that you specify.

You can set the requirements using the following options:

  • Minimum character length (8-256)—Type the required number in the box to ensure that user passwords have at least the number of characters that you specify. The default value is '8'.

  • Contains at least one lowercase letter—Select the check box to ensure that the user includes at least one lowercase letter.

  • Contains at least one uppercase letter—Select the check box to ensure that the user includes at least one uppercase letter.

  • Contains at least one number—Select the check box to ensure that the user includes at least one numeric character.

  • Contains at least one special character—Select the check box to ensure that the user includes at least special character.

  • Days between password changes (90-1825)—Select to ensure that the users change passwords after the specified number of days. Default value is '1825' days.

  • Can’t be any of the last—Select an option from the drop-down list to ensure that the users don’t use the same password until they exceed the specified number of unique passwords. The default option is '3 passwords.'

  • Passwords can't contain any of these words—Type the words in the box to prevent the use of any word in the list, in user passwords. You can edit the list to add or remove words. You can include up to 25 words.

Click Save to save the requirements for your password policy.

Admin send password reset

You can send users a password reset link when using Webex as your identity provider (IdP). A user recieves a link from Webex ID and is asked to reset their password as part of that flow. The admin sending the link recieves a confirmation message that it's been received.


If the user is using multiple identity providers and isn't routed to Webex as IdP, the admin sees an error message. In this case, the user is being routed to an IdP for federated single sign-on (SSO), and the user password authentication is stored on another platform.