Configuring Different Password Complexity Requirements on the Same Tenant

Overview

This article clarifies whether it is possible to configure different password complexity requirements, such as minimum length, for different groups of users within the same tenant or database connection.

Applies To
  • Database Connections

  • Password Policy

  • Universal Login

  • Organizations

Solution

To enforce different password complexity requirements, multiple database connections must be used, as each connection maintains its own password settings.

  1. Create a separate Database Connection for each password policy requirement.

  2. Configure the desired password complexity settings for each connection.

  3. Implement one of the following methods to direct users to the correct connection:

    • Separate Applications: If users access separate applications, enable only the relevant connection for each application.

    • Classic Universal Login: Use the connectionResolver to programmatically select the database connection.

    • Connection Parameter: Configure the application to route the user to the /authorize endpoint with a connection query string parameter. The application must determine the correct connection before the authentication request, for example, by using vanity URLs or domain lookup.

    • Organizations: Use Organizations to constrain the connections available to a user based on the organization they access. Represent different customer groups as separate Organizations.

    NOTE: Unlike Enterprise connections, Database connections do not support Home Realm Discovery. Without one of the configurations above, Auth0 defaults to the first enabled database connection to authenticate the user.
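
The Connection Parameter method with a domain lookup could look like the sketch below. This is an added example, not code from Auth0 or from this article. The tenant domain, client ID, connection names and email domains are placeholders, and the caller is assumed to supply a random state value.

```javascript
// Added example. Every value below is a constructed placeholder.
const TENANT_DOMAIN = "example-tenant.example.com"; // placeholder tenant domain
const CLIENT_ID = "EXAMPLE_CLIENT_ID";              // placeholder application client ID

// Email domain -> database connection. Each connection carries its own password policy.
const CONNECTION_BY_DOMAIN = new Map([
  ["staff.example.com", "db-strict-policy"],
  ["partners.example.net", "db-standard-policy"],
]);

// Explicit fallback, so an unknown domain never depends on the
// "first enabled database connection" default described in the NOTE.
const DEFAULT_CONNECTION = "db-strict-policy";

// Resolve the connection from the email domain. The connection name always
// comes from the fixed map above, never directly from user-supplied text.
function resolveConnection(email) {
  if (typeof email !== "string") return DEFAULT_CONNECTION;
  const trimmed = email.trim();
  const at = trimmed.lastIndexOf("@");
  if (at < 1 || at === trimmed.length - 1) return DEFAULT_CONNECTION;
  const domain = trimmed.slice(at + 1).toLowerCase();
  return CONNECTION_BY_DOMAIN.get(domain) ?? DEFAULT_CONNECTION;
}

// Build the /authorize URL with the connection query string parameter set.
// `state` must be an unpredictable value generated and stored by the caller.
function buildAuthorizeUrl(email, redirectUri, state) {
  const url = new URL(`https://${TENANT_DOMAIN}/authorize`);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: CLIENT_ID,
    redirect_uri: redirectUri,
    scope: "openid profile email",
    state,
    connection: resolveConnection(email),
  }).toString();
  return url.toString();
}
```

Falling back to the connection with the stricter policy means a mistyped or unlisted domain is never routed to the weaker one.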
