Skip to main content
Skip table of contents

Password Rules Management

With the introduction of Password Rules Management, PowerSchool now provides PowerSchool administrators the ability to configure various rules that are applicable when Students, Admins and Teachers, and Parents establish and maintain their passwords, including:

  • Password Complexity Rules
  • Password Expiration Rule
  • Password Reuse Rule
  • Account Lockout Rule

When using PowerSchool SIS as an Identity Provider (IdP), there are additional restrictions on Password Rules Management configuration:

  • The Account Lockout Rule cannot be disabled.
  • Passwords must be unique from a database of well-known passwords.

Password Rules Management and Student Password Management only show settings when using PowerSchool as the IdP.

Once Password Rules Management is configured, Password Rules Management functionality appears throughout the PowerSchool SIS Admin portal, the PowerSchool SIS Student and Parent portal, the PowerSchool SIS Teacher portal, and PowerTeacher Administrator.

Upgrading PowerSchool

When upgrading, Password Rules Management is automatically set to the following default values for students, admins and teachers, and parents:

  • Password Complexity Rules (Minimum characters) – Set to 1 for students, admins, and teachers. Set to 6 for parents.
  • Password Complexity Rules (Password contains) – Disabled.
  • Password Expiration Rule – Disabled.
  • Password Reuse Rule – Disabled.
  • Account Lockout Rule – 20.

Once you have configured Password Rules Management, subsequent upgrades will preserve your configurations.

During the upgrade, user account data is migrated into the new Password Rules Management PCAS tables. All Administrator-defined and user-defined passwords are converted to a hash as part of this process. Once the upgrade is completed, a comma-delimited file is created in the PowerSchool logs folder (the same folder containing pslog.txt and dalx.log) called PCAS_Migrate.csv. The file only contains errors and modified usernames. If the file appears empty, all accounts migrated successfully and without change. To open the file, use a spreadsheet application, such as Excel. The file displays original usernames, new usernames where the original usernames had to be modified, and any errors that were encountered during the migration. Possible errors include:

  • Failed to migrate: Indicates that the account could not be migrated for unexpected reasons.
  • Truncated password to 40 characters: Indicates that the user's password was too long for an admin-entered password and has been truncated to the first 40 characters of the password.
  • Failed Rename in Legacy Table (PCAS and Legacy out of sync!): Indicates that the new username was created in PCAS, but was not copied back over to the legacy table overwriting the original username; as a result, the user will not be able to sign in; therefore, manually change the user's username via the appropriate PowerSchool page.

If you are unable to identify a user by their username, the DCID value for that particular row in the appropriate table is given; you can use the DCID value to bring up the matching record in USM.

Using the information provided, you can notify users who usernames had to be modified (user names are modified to prevent duplicate user names from migrating to the new Password Rules Management PCAS tables, as well as to troubleshoot any data migration issues.

Installing PowerSchool

When installing, Password Rules Management is automatically set to the following default values for students, admins and teachers, and parents:

  • Password Complexity Rules (Minimum characters) – Set to 7.
  • Password Complexity Rules (Password contains) – Enabled.
  • Password Expiration Rule – Set to 60 days.
  • Password Reuse Rule – Set to 5.
  • Account Lockout Rule – Set to 5.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.