SSO Policies & Parameters Flashcards
SSO Password Policy: Maximum lifetime
Maximum number of days a password can exist before the user must change it.
SSO Password Policy: Restrict reuse
Number of the user’s previous passwords that cannot be selected.
SSO Password Policy: Maximum length
Maximum number of characters that are allowed in the password.
SSO Password Policy: Minimum length
Minimum number of characters required in the password, which must be no fewer than the combined minimum of alphabetic, numeric, and special character requirements.
SSO Password Policy: Character requirements
Minimum number of different character types that are required in the password. The types include special, alphabetic, uppercase, lowercase, and numeric.
SSO Password Policy: Identical adjacent characters
The number of identical adjacent characters that are supported in a password. The value must be greater than 0.
SSO Lockout Policy: Max number of failed login attempts
Maximum number of failed login attempts that are allowed before the account is locked.
SSO Lockout Policy: Time interval between failures
Time period in which failed login attempts must occur to trigger a lockout.
SSO Lockout Policy: Unlock time
The amount of time the account stays locked. The value 0 specifies that an administrator must explicitly unlock the account.
SSO Token Policy: Clock tolerance
Time difference, in milliseconds, that SSO tolerates between a client clock and a domain controller clock. If the time difference is greater than the specified value, SSO declares the token to be invalid.
SSO Token Policy: Maximum token renewal count
Maximum number of times a token may be renewed before a new security token is required.
SSO Token Policy: Maximum token delegation count
Maximum number of times a single holder-of-key token can be delegated.
SSO Token Policy: Maximum bearer token lifetime
The lifetime value of a bearer token before the token must be reissued.
SSO Token Policy: Maximum holder-of-key token lifetime
The lifetime value of a holder-of-key token before the token is marked invalid.