https://community.esri.com/t5/arcgis-online-ideas/allow-administrators-to-control-if-users-must/idi-p/1669407 <P>As new NIST publications come out and organizations adopt the new requirements of the NIST publication, existing accounts need to be brought into compliance. In reading the <A href="https://support.esri.com/en-us/knowledge-base/faq-must-members-of-an-arcgis-online-organization-chang-000022734" target="_self">Esri Support FAQ</A>, it states that members of an ArcGIS Online organization are not required to update their passwords upon logging in after an organization's password policy change. This poses a compliance issue for organizations to ensure that their accounts are complying with the new NIST requirements.</P><P>My idea is that upon saving changes to the Password Policy, Administrators be asked the question of whether or not they would like all non-compliant users to be forced to change their password to a compliant password at next login. This would give organizations the assurance that they need to ensure that users are complying with the new password policy.</P> Mon, 01 Dec 2025 18:50:24 GMT GregMattis_CalFire 2025-12-01T18:50:24Z https://community.esri.com/t5/arcgis-online-ideas/allow-administrators-to-control-if-users-must/idi-p/1669407 <P>As new NIST publications come out and organizations adopt the new requirements of the NIST publication, existing accounts need to be brought into compliance. In reading the <A href="https://support.esri.com/en-us/knowledge-base/faq-must-members-of-an-arcgis-online-organization-chang-000022734" target="_self">Esri Support FAQ</A>, it states that members of an ArcGIS Online organization are not required to update their passwords upon logging in after an organization's password policy change. This poses a compliance issue for organizations to ensure that their accounts are complying with the new NIST requirements.</P><P>My idea is that upon saving changes to the Password Policy, Administrators be asked the question of whether or not they would like all non-compliant users to be forced to change their password to a compliant password at next login. This would give organizations the assurance that they need to ensure that users are complying with the new password policy.</P> Mon, 01 Dec 2025 18:50:24 GMT https://community.esri.com/t5/arcgis-online-ideas/allow-administrators-to-control-if-users-must/idi-p/1669407 GregMattis_CalFire 2025-12-01T18:50:24Z https://community.esri.com/t5/arcgis-online-ideas/allow-administrators-to-control-if-users-must/idc-p/1678758#M13654 <P><a href="https://community.esri.com/t5/user/viewprofilepage/user-id/874321">@GregMattis_CalFire</a>&nbsp; Any movement or feedback from ESRI yet? I am looking to do the exact same thing and am not seeing any other documentation out there from ESRI regarding this sort of update.&nbsp;</P> Tue, 20 Jan 2026 15:58:51 GMT https://community.esri.com/t5/arcgis-online-ideas/allow-administrators-to-control-if-users-must/idc-p/1678758#M13654 Theisen 2026-01-20T15:58:51Z https://community.esri.com/t5/arcgis-online-ideas/allow-administrators-to-control-if-users-must/idc-p/1699629#M14049 <P><a href="https://community.esri.com/t5/user/viewprofilepage/user-id/827590">@Theisen</a>&nbsp;No I have not heard anything else on this.</P> Fri, 01 May 2026 17:35:35 GMT https://community.esri.com/t5/arcgis-online-ideas/allow-administrators-to-control-if-users-must/idc-p/1699629#M14049 GregMattis_CalFire 2026-05-01T17:35:35Z