---
title: "Password Rotation"
description: "Configure password expiration and rotation requirements for your organization"
---
import PangolinCloudTocCta from "/snippets/pangolin-cloud-toc-cta.mdx";

By default, Pangolin does not require passwords to be rotated on a regular basis. However, password rotation can be required on a per‑organization basis.
### Configuration
Password expiry and rotation is an [Enterprise Edition](/self-host/enterprise-edition)-only feature.
To enable password rotation, go to Organization Settings and select a maximum password age in the Security section. After the configured period expires, users will be prompted to change their password when accessing the organization or its resources.
- Password rotation is enforced on a per‑organization basis.
- Password rotation only applies to internal Pangolin user accounts. This policy does not apply to accounts linked to an external identity provider.
- Users who need to change their password will see a prompt directing them to update it before proceeding.