@omryc3 Have you tested the authentication tokens and seen if the password policy applies to them? I'm not sure myself, but it should be an easy test to run.

It is not possible to have different password rules apply to users in the same tenant, since they are tenant level policies and apply to every user within a tenant.

You could have the users that you want to have no password expiration use OIDC to log in against a third party server. (And that server could be a different FusionAuth instance.)