Credential policies are the point of union between password strength and credentials. Also settings about when the credential will have its password changed and the intervals of these triggers.
You can find the credential policies through the PAM Core ➔ Settings ➔ Credentials ➔ Policy credentials menu.
The Settings tab contains settings of how the credential will be affected by the password policy.
In the example the system is using the password force Only numbers that was created especially for systems that accept only 5-digit numeric passwords.
Password Policy settings
Simultaneous Allow viewing?: The password withdrawal may not occur simultaneously. If a user performs the password withdrawal he will be in custody, and another user can only make the withdrawal if the user who holds custody releases the use;
Simultaneous Allow session?: The users who want to perform proxy sessions with the credential will be able to perform simultaneous accesses since in these cases the password will not be exposed;
Priority: Define the policy application priority if senhasegura finds more than one policy that applies to the credential. The higher the priority, the higher the number of this field;
Expiration time by view: The time interval in which senhasegura will automatically change the password after viewing by a user. In this example, the password will be automatically changed after 1 hour of withdrawal;
Expiration time by period: The time interval in which the password expires after a long period of no use. That is, no one used the password either via withdrawal or via proxy session. But the password must be recycled still;
Reuse same password for: The time when the password will be reused after use by a proxy session. Unlike password withdrawal, when the password is used via proxy there is no direct exposure to the user. But it is recommended that the password be recycled after the proxy session. This interval then determines how long senhasegura should allow password reuse in other sessions until the automatic exchange is performed;
Days of expiration: Some credentials cannot be recycled daily. Whether it's the security policies of the target device or the impacts it might have on the business. Then, in these fields you can configure which days the password exchange may occur;
Hours of expiration: In the same way as the previous field, some deals only allow trading at certain times;
All these fields determine actions that influence the customer's business rule, or target device security rules. Configuration mistakes of these fields can lead to the unavailability of the credential.
If you change the password policy in a way that no longer applies to the credential, the credential will use a new policy that meets your device and credential characteristics.
For criteria you can follow this documentation group criteria.