How Password Policies are Applied in Liferay

Here are several use-cases outlining how password policies are applied in Liferay Portal.

Case 1

When a user and all organizations that the user is a member of don't have a password policy, then the default policy is given to the user.

Case 2

If the user has no password policy but an organization the user is a member of does have a password policy, then the organization's password policy is given to the user.

Case 3

If a user is a member of multiple organizations with more than one of those organizations having a password policy, then the first such organization found by Liferay will impose its password policy on the user.

Case 4

If the user has been assigned a password policy and an organization the user is a member of has a password policy, then the user's password policy is applied.

Case 5

Password policies are not inherited among parent and child organizations due to performance concerns. Child organizations are assigned the default password policy rather than the password policy of parent organizations.

• Please see LPS-42800 for more information.
• For instructions on how to configure password policies please refer to the user guide page, Managing Portal Settings.