Enforcing Strong Password Policy in Grafana v11.0

Hi all,

While the latest Grafana version (v11.0) offers the “Strong password policy” feature, it seems user passwords aren’t automatically forced to change if they don’t meet the new criteria.

For our Grafana instance with a newly implemented password_policy, how can we ensure all users (especially those with non-compliant passwords) are prompted to change their passwords upon next login?

Are there any recommended workarounds or alternative solutions to achieve this enforcement?

Thank you all for any insight you may provide.

Reference:

Hi again,

I’m still looking for a solution to enforce the strong password policy for all users, especially those whose passwords no longer comply with our new password policy.

Attempted Solutions:

  • Manual Notifications: Inefficient for all users.
  • Documentation: No direct guidance on enforcing changes for existing non-compliant passwords.
  • API Exploration: Considering using the API to flag accounts but need advice on the best approach.

Questions:

  1. Has anyone enforced a password change for non-compliant passwords in Grafana v11.0?
  2. Any recommended scripts, API methods, or plugins to automate this?
  3. Are there overlooked security settings that can help enforce this policy?

Any insights or suggestions would be greatly appreciated!

Thank you!

Looks like such type of enforcing was not incorporated as of now…

May be it’s better to clarify this at github page of this feature or create a new issue there

Thank you very much indeed for your reply.