Policies allow you to define OneLogin password requirements and IP address restrictions at different levels in your account. You can define as many policies as you want and apply them to specific groups or individual users. The default policy will apply for any user that has no user or group policy.

A policy has the following settings:

• User passwords expire in – the number of days between forced OneLogin password changes
• Enforce password history – allows you to prevent users from reusing old OneLogin passwords
• Minimum password length – the minimum required length of OneLogin passwords 
• Password complexity requirement – defines the minimum required password complexity, e.g. alphanumeric and special characters
• Maximum invalid login attemps – maximum consecutive failed login attemps before account is locked 
• Lock effective period –  number of minutes a user's login is locked after failed login
• IP address restrictions – allows you to restrict access to individual IP addresses