Password Policy for Palo Alto Networks SSO (non-Federal customers)
Created On 04/19/22 18:03 PM - Last Modified 11/26/25 00:41 AM
Question
What is the password policy for Palo Alto Networks SSO for non-Federal customers?
For Federal customers, please refer to the FedRAMP Compliance FAQs for User Authentication.
Environment
CSP
Answer
- Palo Alto Networks password policy enforces minimum password complexity including case sensitivity, number of characters, mix of upper and lower case letters, numbers, and special characters, as well as reset restrictions, reuse rules and auto lock after multiple failed login attempts.
- Password must be a minimum of 11 characters, maximum 72 characters.
- Password must have at least one each of upper-case letters, lower-case letters, numbers, and special characters.
- If password does not meet these requirements this error will display:
- Password minimum and maximum lifetime restrictions are enforced.
  - 1 day minimum
  - 365 days maximum
- Password reuse is restricted for 24 generations
- After 5 incorrect login attempts, the account will lock and auto-unlock after 15 minutes.
  - A password reset by clicking "Forgot Password" will unlock the account
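
A pre-check of a candidate password against the rules listed above, as an added example (not Palo Alto Networks code). The function names, the ASCII-punctuation reading of "special characters", the SHA-256 history digest, and treating the 1-day minimum as a limit on how soon a password can be changed again are assumptions.

```python
import hashlib
import string
from datetime import timedelta

MIN_LEN, MAX_LEN = 11, 72          # length limits from the policy
MIN_AGE, MAX_AGE = timedelta(days=1), timedelta(days=365)  # lifetime limits
HISTORY = 24                       # generations that may not be reused


def digest(password):
    # Assumption: history is compared by digest. Bare SHA-256 keeps the
    # sketch short and is not suitable for real credential storage.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def complexity_violations(password):
    """Return the complexity rules the candidate fails (empty list = pass)."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append("shorter than 11 characters")
    if len(password) > MAX_LEN:
        problems.append("longer than 72 characters")
    classes = {
        "upper-case letter": str.isupper,
        "lower-case letter": str.islower,
        "number": str.isdigit,
        # Assumption: ASCII punctuation; the page lists no accepted set.
        "special character": lambda c: c in string.punctuation,
    }
    for name, test in classes.items():
        if not any(test(c) for c in password):
            problems.append("missing " + name)
    return problems


def change_violations(new_password, last_changed, history, now):
    """Check a password change: complexity, minimum age and reuse."""
    problems = complexity_violations(new_password)
    if now - last_changed < MIN_AGE:
        problems.append("changed less than 1 day ago")
    if digest(new_password) in history[-HISTORY:]:
        problems.append("reused within the last 24 generations")
    return problems


def is_expired(last_changed, now):
    """True once the 365-day maximum lifetime has passed."""
    return now - last_changed > MAX_AGE
```

`history` is a list of digests of earlier passwords, oldest first; only the most recent 24 entries are compared.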