Go to Apps and search for User Password Policy. You will find the app like shown in the image below. Install the module to enable password security rules, expiration policies, and automated notifications. Once installed, you can start managing user password policies directly from the settings.

Now, go to **General Settings**. In the search bar, type Secure Access Control to quickly access all password-related fields. Here, administrators can configure password rules, expiration policies, and notifications to ensure secure access for all users.

Now, go to **Users**, select a user, and click the **settings icon**. From the dropdown, choose **Change Password**, and the wizard will open allowing you to update the user’s password. This ensures compliance with your configured password rules and expiration policies.

When a new password is entered in the **Change Password** wizard, the system automatically checks it against the configured password security policy. If the password does not meet the required rules (length, complexity, or history), a validation error is displayed, ensuring all passwords comply with the organization's security standards.

The module provides a scheduled action that automatically sends reminder emails to users when their passwords are about to expire. Administrators can configure the number of days before expiration to send the email directly in **General Settings**, alongside the password validation rules. This ensures users are notified in advance, reducing login disruptions and maintaining security compliance.

Here, you can see the **password expiry email** sent to the user’s registered email address. The email includes a **Reset Password** button, notifying the user and allowing them to set a new password easily, ensuring timely compliance with the password security policy.

When a user attempts to reset their password during login, the system automatically checks the entered password against the configured security policy. If the password does not meet the required rules, a validation message appears directly on the login screen, informing the user exactly what criteria must be met to successfully reset their password.

When a user’s password has expired, the system prevents login and displays a validation message: Your password has expired. Please reset your password to continue. This ensures users cannot bypass password policies and maintains secure access at all times.

Administrators can define a grace period in minutes or hours from the settings. Once the configured time limit is exceeded, users are required to reset their password again before logging in. This ensures strict enforcement of password expiry rules and prevents continued access using outdated credentials.

As shown here, if a user attempts to reset their password before the configured expiration time, the system displays a validation message and blocks the action. This prevents premature password changes and ensures password policies are strictly enforced.