Skip to content

Configure password policy and session settings

This guide shows you how to set password requirements, account lockout rules, and session timeouts for your organization’s admins.

Who can do this: Admins who have permission to configure security settings. Org owners can do this by default.

  • The system enforces a minimum password length of 12 characters. You can require more, but you cannot go below 12.
  • If you tighten the policy and existing passwords no longer meet the new rules, MapleGather offers to send password-reset emails to those admins.
  • Session settings apply to admin accounts in your organization. Member-facing sign-in is separate.
  1. Go to Admin & SecuritySecurityPassword policy.
  2. Under Password strength, set your requirements:
    • Minimum length — enter a number between 12 and 128.
    • Complexity — check any combination of Uppercase, Lowercase, Digit, and Special character.
    • Password history — enter a number between 1 and 24 to prevent reuse of recent passwords.
  3. Under Account lockout, set Max failed attempts to a number between 3 and 20. After this many failed sign-in attempts, the account locks.
  4. Under Session lifetime, configure:
    • Remember-me session — how long a “stay signed in” session lasts before the admin must sign in again.
    • Workstation session — how long an ordinary (non-remember-me) session lasts.
    • Re-auth threshold for sensitive actions — how long an admin can be inactive before they must re-authenticate to perform sensitive actions (such as changing a password, adding a payment method, or granting an admin role).
  5. Click Save policy.

If some existing passwords fall below your new minimum length or complexity rules, a notice appears. Click Send password-reset emails to prompt those admins to update their passwords.

Magic links are the sign-in links MapleGather sends by email — for admin invitations, password resets, and similar actions. Each link type has a default TTL you can override for your organization.

  1. Go to Admin & SecuritySecurityMagic-link policy.
  2. Review the table of link types and their current TTLs.
  3. Enter an override value in the Org override column for any type you want to change.
  4. Click Save TTL overrides.
  • Password policy: You’ll know it worked when you see the “Policy saved.” confirmation message.
  • Magic-link TTLs: You’ll know it worked when you see the “TTL override saved.” confirmation message.
  • “Minimum length cannot be below 12 — this is the system floor.” — Enter 12 or higher in the Minimum length field.
  • Password-reset emails not delivered — Ask affected admins to check their spam folder. If the issue continues, contact MapleGather support.
  • Session lengths not taking effect — Existing sessions use the policy that was in place when they started. Admins will pick up the new settings on their next sign-in.