While the latest Grafana version (v11.0) offers the “Strong password policy” feature, it seems user passwords aren’t automatically forced to change if they don’t meet the new criteria.
For our Grafana instance with a newly implemented password_policy, how can we ensure all users (especially those with non-compliant passwords) are prompted to change their passwords upon next login?
Are there any recommended workarounds or alternative solutions to achieve this enforcement?
I’m still looking for a solution to enforce the strong password policy for all users, especially those whose passwords no longer comply with our new password policy.
Attempted Solutions:
Manual Notifications: Inefficient for all users.
Documentation: No direct guidance on enforcing changes for existing non-compliant passwords.
API Exploration: Considering using the API to flag accounts but need advice on the best approach.
Questions:
Has anyone enforced a password change for non-compliant passwords in Grafana v11.0?
Any recommended scripts, API methods, or plugins to automate this?
Are there overlooked security settings that can help enforce this policy?
Any insights or suggestions would be greatly appreciated!
We had a similar issue in our Grafana setup a while back, and what helped us was using a tool called Strong PIN Generator alongside the password policy.
It’s a neat solution that acts like a random PIN generator, which we found really useful for creating secure, compliant passwords on the fly. For enforcing the change, we ended up manually prompting users via a login screen message to change their password.
It’s not perfect, but it’s a decent workaround if Grafana itself isn’t pushing those changes automatically. Would love to hear if anyone has a smoother solution!