Mideye User Settings – Password Policy and Inactivity Configuration
Overview
Section titled “Overview”The Mideye User Settings page provides system-wide configuration for password policies and user inactivity rules. These settings apply to all MideyeServer database users and control password complexity requirements, forced password reset timeouts, and automatic account deactivation after periods of inactivity.
The page is organized into two tabs: Password Policy and User Configuration.
Access & Permissions
Section titled “Access & Permissions”Required Role: ROOT, SUPER_ADMIN, or ADMIN (to modify settings)
Navigation: Home → Users & Tokens → Mideye User Settings
| Role | View Settings | Modify Settings |
|---|---|---|
| ROOT | ✅ | ✅ |
| SUPER_ADMIN | ✅ | ✅ |
| ADMIN | ✅ | ✅ |
| OPERATOR | ✅ | ❌ |
The Save button is only rendered for ADMIN users and above.
Tab 1: Password Policy
Section titled “Tab 1: Password Policy”Manages password complexity requirements. Two independent policies can be configured using the Policy Type selector.
Policy Types
Section titled “Policy Types”| Type | Description |
|---|---|
| ADMIN_SET | Policy for passwords set by administrators (via admin GUI or Change Password dialog). Includes an additional password reset timeout field |
| USER_SET | Policy for passwords set by users themselves (during self-service password reset) |
Changing the policy type reloads the form with the selected policy’s current values.
Fields
Section titled “Fields”| Field | Type | Required | Validation | Description |
|---|---|---|---|---|
| Policy Type | Select | Yes | — | Switch between ADMIN_SET and USER_SET policies |
| Minimum Length | Number | Yes | Min: 4, Max: 255 | Minimum number of characters required |
| Require Lowercase | Checkbox | No | — | Require at least one lowercase letter |
| Require Uppercase | Checkbox | No | — | Require at least one uppercase letter |
| Require Digit | Checkbox | No | — | Require at least one numeric digit |
| Require Special Character | Checkbox | No | — | Require at least one special character |
| Password Reset Timeout (days) | Number | Yes (ADMIN_SET only) | Min: 0, Max: 365 | Days before admin-set passwords must be changed. Only shown for ADMIN_SET policy |
Tab 2: User Configuration
Section titled “Tab 2: User Configuration”Manages the user inactivity timeout — the period after which inactive users are automatically locked or flagged.
Fields
Section titled “Fields”| Field | Type | Required | Validation | Default | Description |
|---|---|---|---|---|---|
| Inactivity Timeout Unit | Select | Yes | — | — | Time unit for the inactivity period |
| Inactivity Timeout Value | Number | Yes | Min: 0 | — | Number of time units before inactivity lock |
Time Unit Options
Section titled “Time Unit Options”| Value | Description |
|---|---|
| DAYS | Timeout measured in days |
| WEEKS | Timeout measured in weeks |
| MONTHS | Timeout measured in months |
Common Use Cases
Section titled “Common Use Cases”Setting Up a Strong Password Policy
Section titled “Setting Up a Strong Password Policy”- Select the ADMIN_SET policy type.
- Set Minimum Length to at least 12.
- Enable all complexity checkboxes (lowercase, uppercase, digit, special character).
- Set Password Reset Timeout to 90 days.
- Click Save.
- Repeat for the USER_SET policy type with the same or stricter requirements.
Configuring Inactivity Auto-Lock
Section titled “Configuring Inactivity Auto-Lock”- Go to the User Configuration tab.
- Set the time unit to MONTHS and value to 3 (locks users after 3 months of inactivity).
- Click Save.
- For service accounts that should not be locked, enable Ignore Inactivity Timeout on the individual user.
Disabling Forced Password Reset
Section titled “Disabling Forced Password Reset”- Select the ADMIN_SET policy type.
- Set Password Reset Timeout to 0.
- Click Save.
Troubleshooting
Section titled “Troubleshooting”| Issue | Possible Cause | Resolution |
|---|---|---|
| Cannot save settings | Insufficient role | Requires ADMIN role or higher |
| Users not forced to reset password | Timeout set to 0 or Password Reset checkbox unchecked on user | Verify timeout > 0 and user has Password Reset enabled |
| Password policy not enforced on create | Wrong policy type selected | ADMIN_SET applies to admin-created passwords; USER_SET applies to self-service resets |
| Service accounts locked by inactivity | Inactivity timeout active globally | Enable “Ignore Inactivity Timeout” on the individual user account |
Related Pages
Section titled “Related Pages”- Mideye Users — Manage individual user accounts and passwords
- Authentication Logs — Monitor authentication events and password resets