Passwords in Configurations with Multiple Tenants

In configurations with multiple Tenants, the inheritance rule applies for many of the password-related features listed in this chapter. If a feature is not configured for a particular tenant, rules for ancestor tenants are used, up to the ENVIRONMENT tenant (assuming there is no termination of inheritance otherwise). If no rule is set in the ancestor tree, no limits exist.

If a particular tenant requires different settings from its ancestors, you can configure it in two ways:

• Configure only those settings to be changed. Use this method only if you want to change a few specific settings; otherwise use inherited value for the other settings. This will override the inherited values for those settings and leave the values of other settings unchanged, including those inherited from ancestor tenants. Where applicable, child tenants of this tenant will inherit the new values of the changed settings.
• Reset all options to their default values, and then customize the values as required for this tenant. Use this method only if you want to reset or change multiple settings for this tenant and its descendants. To set all options in the [security-authentication-rules] section to their default settings, set the tenant-override-section option to true. This option breaks the inheritance chain, effectively making this tenant a new inheritance node for all child tenants, and is easier than changing each option manually. Then, for this tenant and its child tenants, you can set appropriate values for any individual option for which you do not want the default value to apply.