Do not enforce minimum password life restrictions

Hello,

I have a use case where I am launching Grafana using Kickstart, the issue is that the accounts created by Kickstart are made with a default password, I have also set passwordChangeRequired = true for each user.

For the Tenant (also modified within Kickstart), I have specified a minimum password lifetime of 1 day. The issue arises when I launch Kickstart and try to log into an account immediately, this triggers the required password change as intended, but the minimum password lifetime causes a rejection of the change, as the password was set only moments ago, during the Kickstart phase.

Effectively, I am unable to use a FusionAuth user account until 1 day after the Kickstart has completed. Is there any solution to this issue, such as not enforcing the password minimum lifetime if the user was forced to change their password?

Thanks!

Hi,

I know that we are able to log out all idle users of an application, regardless of their role, based on the "Session timeout" parameter of the Tenant. Is it possible to instead define an idle session timeout that is based on the role of the user, rather than the tenant?

ie. I have userA and userB, both of which are registered in application A. However, userA is an admin whereas userB is an editor. Inside of application A, idle admins will get logged out in 10 minutes and idle editors will get logged out in 5. Therefore, if userA idles for 10 minutes, they will get logged out, whereas userB will get logged out in 5 minutes. Is that possible?

Thanks!