Skip to content
English
Contact us
  • There are no suggestions because the search field is empty.

Portal password expiry period

With the new portal password expiry period, you can set per portal domain after how many days a password expires and how many days in advance users receive a warning. MSR-1133 | October 2025

Who is this feature relevant for?

Organizations with high security requirements for their candidate or client portals..

The benefits at a glance

  • Prevent portal users from using the same password indefinitely.

  • Configure per portal domain after how many days passwords expire (e.g., 90, 180, or 365 days).

  • Automatically warn users before the expiry date (e.g., 14 days in advance).

  • Meet security and compliance requirements without manual management.

  • Track when a password was last changed (separately for candidates and contacts).

Feature explanation

When a user logs in, the system checks the date the password was last changed and compares it to the configured expiry and warning periods.

  • If the expiry date has been reached, the user must change the password before access is granted.

  • If the user is within the warning period, the user can change the password but may still skip this step.

  • If no expiry policy is set, passwords remain valid without an expiration date.

Separate fields are used for the candidate and client portals so that the expiry period is correctly applied to each.

Set-up

Important when enabling this feature
From this release onward, the system records the last password change date. When this feature is enabled, many portal users may not yet have changed their password, meaning their last password change date is still empty. Note: in this case, the system will assume the password has expired. These users will therefore be required to change their password at the next login.

If this is not desired, you can use a data conversion action with SF Inspector or Data Loader to populate the new fields msf__Last_Password_Change_Date_Candidate__c and msf__Last_Password_Change_Date_Contactperson__c with a date, so that passwords expire at the intended moment.

Custom metadata types
Go to the custom metadata types Portal Domains.
Set the fields Password Expiration Days and Password Expiration Warning Days to enable this feature.
By default, these fields are empty, which means the feature is disabled.


Feature Implementation Time

  • Simple implementation: less than 30 minutes

 

🔗 Here you can find all features from the October Release 2025.