Password Expiration Warning
Hi all,
I have configured the password expiration feature in Zitadel under Organization Settings → Password Expiry. I set Maximum validity in days to 2 and Expiration warning after days to 1.
The maximum validity setting works as expected — after 2 days, the system requires me to set a new password.
However, the expiration warning setting does not seem to work. I did not receive any warning message on the login page before the password expired. I understand that no email notification is sent, but since there is a warning field on the login page, I expected a message there.
In summary, password expiration is working, but the warning message is not being displayed.
11 Replies
Hi @Kanimozhi, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer, here are some relevant sources:
1. ZITADEL Default Settings (1): This explains the password expiry settings configuration and confirms that ZITADEL will not notify the user about upcoming password expiration.
2. Get the password expiry settings (2): Documents the API showing that expireWarnDays specifies "Amount of days after which the user should be notified of the upcoming expiry. ZITADEL will not notify the user."
To learn more, see the sources I considered:
[1] ZITADEL Default Settings
[2] Get the password expiry settings
Feel free to tag @Ask Inkeep with additional questions.
Hi @Rajat @Moderator @Dedicated Member, can anyone please help me here?
hey @Kanimozhi thanks for your question, I will look into this.
Sure, Thanks for the response @Rajat !
hey @Kanimozhi are you on cloud or self hosted?
self hosted actually
And this is the version "v2.60.0"
hey @Kanimozhi so it's actually the same as what the AI said 😅
The expiration warning setting (Expiration warning after days) in ZITADEL’s password expiry configuration tells the user that after how many days before password expiry a user should be notified of the upcoming expiration, BUT the documentation explicitly states: “ZITADEL will not notify the user” regarding this warning. I will confirm with my team as to what exactly could be the use case since it is not currently used by ZITADEL to display warnings on the login page or send notifications.
I have just raised this internally, I should have an answer today 🙂
Sure, I have seen that there will be no notification through email. But we have the warning time period, so it should have some functionality, right?
Sure, just let me know once you get to know!
Hi @Rajat, any updates?
hey @Kanimozhi yes, I did ask around, this could be possible in actions possibly.
You can read these settings on each login (preuserinfo), read the last time user changed their password and the expireWarnDays value, and decide if you should send a notification
So, that means this existing field we can't use?
@Rajat, I don't get this, sorry.
@Rajat, we have already implemented password expiration checks during the login process. Additionally, for the Get Bulk Users functionality, it should be possible to retrieve only those users whose passwords are expiring soon, rather than fetching all users and then querying them afterwards.
hey @Kanimozhi what does your curl look like? You can trigger the action to send password change notification