User Credentials Timeout

The admin can choose to expire user credentials after a configurable number of days. Once credentials have expired, all API calls are going to error out. Only api/useraccount is supported at this point, to enable the user to change the password. If the user has configured an email address, “Forgot Password” workflow can also be followed as this point to reset the password.

The administrator controls this feature via Avi Vantage’s CLI or REST API. The setting for it is maintained within the UserAccountProfile object. By default, all the users in the system are attached to “Default-User-Account-Profile,” as shown below. If required, the admin can create a new user account profile with different thresholds.
admin:10-10-24-52]: > show useraccountprofile Default-User-Account-Profile
+-------------------------------+---------------------------------------------------------+
| Field | Value |
+-------------------------------+---------------------------------------------------------+
| uuid | useraccountprofile-6753548e-7ac5-4601-939b-ad4394405db4 |
| name | Default-User-Account-Profile |
| max_password_history_count | 0 |
| max_login_failure_count | 20 |
| account_lock_timeout | 30 |
| max_concurrent_sessions | 0 |
| credentials_timeout_threshold | 0 |
+-------------------------------+---------------------------------------------------------+
CLI commands to set credentials_timeout_threshold:
[admin:10-10-24-52]: > configure useraccountprofile Default-User-Account-Profile
Updating an existing object. Currently, the object is:
[admin:10-10-24-52]: useraccountprofile> credentials_timeout_threshold 60
Overwriting the previously entered value for credentials_timeout_threshold
[admin:10-10-24-52]: useraccountprofile> save
+-------------------------------+---------------------------------------------------------+
| Field | Value |
+-------------------------------+---------------------------------------------------------+
| uuid | useraccountprofile-6753548e-7ac5-4601-939b-ad4394405db4 |
| name | Default-User-Account-Profile |
| max_password_history_count | 0 |
| max_login_failure_count | 20 |
| account_lock_timeout | 30 |
| max_concurrent_sessions | 0 |
| credentials_timeout_threshold | 60 |
+-------------------------------+---------------------------------------------------------+