Executing Expire All Passwords is a serious action with broad organizational impact. The steps below describe the safe execution path for an incident-response scenario, with the audit and communication work that needs to happen alongside the click.
1. Confirm the scenario justifies the action
   Verify with security and incident response that a global expiration is needed. For most cases, a targeted reset on the affected user is sufficient and far less disruptive.
2. Audit integration credentials
   List every integration using username and password authentication against the org. Plan a credential reset for each immediately after the global expiration; integrations will break until reset.
3. Verify SSO health
   Confirm SAML SSO, social login, and any other federated paths are working. Test from a non-admin account. Broken SSO combined with expired passwords leaves users locked out.
4. Pre-communicate to the org
   Send an email or Slack notification explaining the planned action, the reset process, and the expected timeline. For emergencies, send during the action as part of the incident announcement.
5. Execute the action
   Setup > Users > Expire All Passwords. Read the confirmation message; click to confirm. The action processes within minutes.
6. Verify in Setup Audit Trail
   Open Setup Audit Trail and confirm the action is logged with your name and timestamp. Capture a screenshot.
7. Reset integration credentials
   For each integration audited in step 2, manually set a new password and update the integration configuration with the new credential. Test each integration end-to-end before declaring complete.
The one-click global action. Setup > Users > Expire All Passwords.
Field on the User object. Set to true to force a specific user to reset on next login. The targeted alternative.
Button on the User detail page. Immediately resets the user's password and emails them the reset link.
Org setting that automatically expires passwords on a schedule (90 days, 180 days). The non-emergency way to enforce regular rotation.
Update User.ForcePasswordChange = true for a filtered subset (specific profile) via Data Loader. The targeted-by-profile alternative.
- Integration users with password-based auth break immediately. Audit before executing and plan credential resets for every such integration.
- Users with stale email on the User record cannot complete the reset. Verify email validity for at least the critical user population before executing.
- The action is irreversible. There is no undo and no way to roll back. Confirm the decision before clicking.
- The Setup Audit Trail captures the action only at the org level, not per user. The trail does not show which users actually reset; pair with login history for that view.
- Hitting the password-change screen looks like a phishing attack to many users. Without pre-communication, the help desk sees a wave of "I think we got hacked" tickets.
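One way to pair the org-level audit entry with login history, as the audit-trail gotcha above suggests. This is an added example, not Salesforce's own tooling: the CSV columns are assumed to follow the LoginHistory fields UserId, LoginTime, LoginType and Status, and the rows, user names and expiration timestamp are constructed.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample rows; column names assumed to mirror LoginHistory fields.
SAMPLE_LOGINS = """UserId,LoginTime,LoginType,Status
alice,2024-05-01T08:00:00Z,Application,Success
alice,2024-05-01T10:05:00Z,Application,Success
bob,2024-05-01T10:20:00Z,SAML Sfdc Initiated SSO,Success
svc_erp,2024-05-01T10:01:00Z,Other Apex API,Invalid Password
svc_erp,2024-05-01T10:02:00Z,Other Apex API,Invalid Password
carol,2024-04-30T17:00:00Z,Application,Success
"""

# Higher rank wins when a user has several post-expiration events.
RANK = {"no_activity": 0, "failing": 1, "sso_only": 2, "reset_done": 3}

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def classify(users, login_csv, expired_at, sso_prefix="SAML"):
    """Label each user by the best login evidence seen after the expiration time."""
    state = {u: "no_activity" for u in users}
    for row in csv.DictReader(io.StringIO(login_csv)):
        user = row["UserId"]
        if user not in state or parse_ts(row["LoginTime"]) <= expired_at:
            continue  # unknown user, or login predates the expiration
        if row["Status"] != "Success":
            seen = "failing"      # e.g. an integration still sending the old password
        elif row["LoginType"].startswith(sso_prefix):
            seen = "sso_only"     # federated login; says nothing about the password
        else:
            seen = "reset_done"   # successful password-based login after expiration
        if RANK[seen] > RANK[state[user]]:
            state[user] = seen
    return state

def follow_up(state):
    """Users who need attention: broken integrations, stale email, or not yet back."""
    return sorted(u for u, s in state.items() if s in ("failing", "no_activity"))

# Constructed timestamp; in practice take it from the Setup Audit Trail entry.
EXPIRED_AT = parse_ts("2024-05-01T10:00:00Z")
USERS = ["alice", "bob", "svc_erp", "carol"]

if __name__ == "__main__":
    result = classify(USERS, SAMPLE_LOGINS, EXPIRED_AT)
    for user, label in sorted(result.items()):
        print(f"{user:10} {label}")
    print("follow up:", follow_up(result))
```

The `failing` group is where unreset integration credentials show up first; `no_activity` is the population to check for stale email addresses.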