Password expiry by domain and 2FA by domain
Question asked by Merle Wait - 10/26/2022 at 8:38 AM
Have several different types of customers..  One set of customers want to have their passwords expire every 30 days....  the other set NEVER want their passwords to expire...  And also have some requesting to 2FA.
Maybe I missed it.. but is there away to set up expiring passwords by domain, and also same for 2FA?
I see I can do it for entire site.. but have some long time (and large) companies that DO NOT want their passwords to ever expire....   
.. so stuck in the middle 

2 Replies

Reply to Thread
Tony Scholz Replied
Employee Post Marked As Answer
Hello Merle, 

Currently SmarterMails password requirements are system wide and can not be adjusted per domain. 2FA can be set up per domain / user. Go to the Configuration page of the domain and enable 2FA

Two-Step Authentication - Two-Step Authentication is a method of providing a second verification of account ownership before a user can log into their account or connect to third-party clients and/or devices. For example, when a user has Two-Step Authentication enabled for their account, the SmarterMail login page will require their primary account password and a secondary verification of account ownership before the user can log into webmail. The second method of verification will be provided to the user through popular authentication apps, like Google or Microsoft Authenticator, or through a recovery email address. When this feature is enabled for a domain, the Domain Administrator can override the system setting and choose whether to enable or force Two-Step Authentication for their users. Two-Step Authentication can be Disabled, Enabled or Forced for the domain.

Once this is enabled the user will then be able to chose ( unless you are forcing ) 

Thank you
Tony Scholz
System/Network Administrator
SmarterTools Inc.
(877) 357-6278
Merle Wait Replied
Thank you for your response...  please consider making this at the domain level....
I have some domains that are really FOR better password handling.. and some that are against.
Having the ability to handle this at the domain level would ensure that I could keep my customer base happy (er at least in regard to this issue)

Reply to Thread