Set Password to Never Expire

cerhard · July 2, 2024, 3:42pm

In account maintenance, how can I set a password to never expire?
This would be for credentails for api calls.

aosemwengie1 · July 2, 2024, 3:46pm

cerhard · July 2, 2024, 3:47pm

on what tab is that via smart client?

aosemwengie1 · July 2, 2024, 3:49pm

aosemwengie1 · July 2, 2024, 3:49pm

Just noticed you are on 2021, not sure if it existed back then.

Mark_Wonsil · July 2, 2024, 3:55pm

Yes, it is.

hackaphreaka · July 2, 2024, 4:00pm

ric-flair-never-retire

cerhard · July 2, 2024, 4:16pm

Hmm, there seems to be another way that doesnt require integration account and set the password expire date to blank.

aosemwengie1 · July 2, 2024, 4:24pm

Why don’t you want to use an integration account?

dcamlin · July 2, 2024, 4:28pm

Setting the “Password Expires Days” to zero (0) will set a user password to never expire… but no clue if/how that impacts integration accounts.

Mark_Wonsil · July 2, 2024, 4:51pm

I think there was a change where Access Scope could only be applied to Integration Accounts, but I could be wrong on that. EDIT: If you apply an Access Scope, it will automatically set it to an Integration Account.

Separately, I find the setting useful during audits to know that the account is used by machines and not people. It makes the auditing better.

Access Scope is an excellent tool for limiting the access of an account and I’d encourage its use for limiting risk.

Mark_Wonsil · July 2, 2024, 5:35pm

And while we’re talking about API security, to balance the reduced frequency of password changes, systems (including Kinetic) will use API-KEYs that SHOULD expire. Being able to roll keys periodically is a good practice and very helpful during, uh, incidents.