You can configure specific timeout periods and password requirements for each individual role within your learning site. There are default configurations, but we strongly encourage you to review and adjust your settings as needed.
Timeout Settings
Controls how long a user can be logged in to the site while inactive, before being automatically logged out.
Password Policies & Strength
Force a password reset after inactivity and also set a minimum password length, as well as a minimum requirements for numbers, symbols and uppercase characters.
Note
Password requirements only apply to learning sites that are using the Thought Industries registration/checkout flow. They do not apply in the case of SSO.
Configuring Timeout & Password Requirements
- From your homepage, select Users > Managers.
- Locate the role you wish to update and click into the role list.
- In order to adjust your settings, click the gear icon in the top right of the screen. Then, click Edit Role Requirements.
- Update Session Management:
- Auto-logout after inactivity
- Default for any manager role is 1 day, for security purposes.
- Auto-logout after inactivity
- Update Password Policies:
- Force password reset after inactivity
- Default is 5 years
Note
The reset password setting allows you to force a password reset if a user hasn't logged in for a certain period of time. This is important for maintaining security and preventing the login of forgotten privileged accounts (for example, manager accounts belonging to users who have left your organization). We strongly recommend setting this to 1 month or less for all non-learner roles.
- Force password reset every (date interval)
Available for manager roles only. Check out additional notes here.- Default is 5 years
- Force password reset after inactivity
- Update Password Complexity Requirements:
- Minimum length
- Minimum numbers
- Minimum symbols
- Minimum uppercase letters
- Click Save.
Reset Password Notes for Manager Roles
Maintaining strong access controls is critical for protecting sensitive data and meeting security and compliance requirements. In addition to inactivity-based reset controls, you can enforce password resets for Admin and Manager roles on a fixed, calendar-based schedule.
A fixed-period password reset supports consistent password rotation policies (for example, every 90 days or annually), regardless of how frequently individual users log in. This helps ensure privileged accounts remain secure over time and aligns password practices with organizational standards.
When configuring manager role requirements, you can use:
- Reset Password (due to inactivity): Forces a password reset after a user has not logged in for the specified period.
- Reset Password (fixed period): Forces a password reset based on a recurring calendar interval.
Both settings default to 5 years, unless updated.
Tip
You can configure requirements for the default Learner role as well. Go to Users > Learners and click the gear icon in the top right, then click Edit Role Requirements.