diff --git a/db/migrate/20221008032350_add_password_expiration_migration.rb b/db/migrate/20221008032350_add_password_expiration_migration.rb
new file mode 100644
index 0000000000000000000000000000000000000000..7dbc73294bbd77e478c8c07bb44cea39de499668
--- /dev/null
+++ b/db/migrate/20221008032350_add_password_expiration_migration.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class AddPasswordExpirationMigration < Gitlab::Database::Migration[2.0]
+  def change
+    add_column :application_settings, :password_expiration_enabled, :boolean, default: false, null: false,
+                                                                              comment: 'JiHu-specific column'
+    add_column :application_settings, :password_expires_in_days, :integer, default: 90, null: false,
+                                                                           comment: 'JiHu-specific column'
+    add_column :application_settings, :password_expires_notice_before_days, :integer, default: 7, null: false,
+                                                                                      comment: 'JiHu-specific column'
+  end
+end
diff --git a/db/migrate/20221012033107_add_password_last_changed_at_to_user_details.rb b/db/migrate/20221012033107_add_password_last_changed_at_to_user_details.rb
new file mode 100644
index 0000000000000000000000000000000000000000..db2f411ab928c5df8e271c3a7132682bc804ccba
--- /dev/null
+++ b/db/migrate/20221012033107_add_password_last_changed_at_to_user_details.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class AddPasswordLastChangedAtToUserDetails < Gitlab::Database::Migration[2.0]
+  enable_lock_retries!
+
+  def change
+    add_column :user_details, :password_last_changed_at, :datetime_with_timezone, comment: 'JiHu-specific column'
+  end
+end
diff --git a/db/schema_migrations/20221008032350 b/db/schema_migrations/20221008032350
new file mode 100644
index 0000000000000000000000000000000000000000..8b76b056a77bdf9cd452730e7bc3285086b1fb4b
--- /dev/null
+++ b/db/schema_migrations/20221008032350
@@ -0,0 +1 @@
+c5e373b1b416455b67b7bc0affe244295e1f1a2f105fe8ef6efddf8b07da2a86
\ No newline at end of file
diff --git a/db/schema_migrations/20221012033107 b/db/schema_migrations/20221012033107
new file mode 100644
index 0000000000000000000000000000000000000000..ba1df6370d31e84bb3ca383f76c25d565b32bfac
--- /dev/null
+++ b/db/schema_migrations/20221012033107
@@ -0,0 +1 @@
+23252a63b8aab6a062cf22db563f8518213d40110449732866e6d8d5092d369e
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index 3d607b2ea405e328e9e5c87f9d15638f69125c78..f36419194c85eb49b1e06dff64d2f619529573c3 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -11488,6 +11488,9 @@ CREATE TABLE application_settings (
     lock_maven_package_requests_forwarding boolean DEFAULT false NOT NULL,
     lock_pypi_package_requests_forwarding boolean DEFAULT false NOT NULL,
     lock_npm_package_requests_forwarding boolean DEFAULT false NOT NULL,
+    password_expiration_enabled boolean DEFAULT false NOT NULL,
+    password_expires_in_days integer DEFAULT 90 NOT NULL,
+    password_expires_notice_before_days integer DEFAULT 7 NOT NULL,
     CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
     CONSTRAINT app_settings_container_registry_pre_import_tags_rate_positive CHECK ((container_registry_pre_import_tags_rate >= (0)::numeric)),
     CONSTRAINT app_settings_dep_proxy_ttl_policies_worker_capacity_positive CHECK ((dependency_proxy_ttl_group_policy_worker_capacity >= 0)),
@@ -11570,6 +11573,12 @@ COMMENT ON COLUMN application_settings.encrypted_feishu_app_secret IS 'JiHu-spec
 
 COMMENT ON COLUMN application_settings.encrypted_feishu_app_secret_iv IS 'JiHu-specific column';
 
+COMMENT ON COLUMN application_settings.password_expiration_enabled IS 'JiHu-specific column';
+
+COMMENT ON COLUMN application_settings.password_expires_in_days IS 'JiHu-specific column';
+
+COMMENT ON COLUMN application_settings.password_expires_notice_before_days IS 'JiHu-specific column';
+
 CREATE SEQUENCE application_settings_id_seq
     START WITH 1
     INCREMENT BY 1
@@ -22079,6 +22088,7 @@ CREATE TABLE user_details (
     registration_objective smallint,
     phone text,
     requires_credit_card_verification boolean DEFAULT false NOT NULL,
+    password_last_changed_at timestamp with time zone,
     CONSTRAINT check_245664af82 CHECK ((char_length(webauthn_xid) <= 100)),
     CONSTRAINT check_a73b398c60 CHECK ((char_length(phone) <= 50)),
     CONSTRAINT check_eeeaf8d4f0 CHECK ((char_length(pronouns) <= 50)),
@@ -22087,6 +22097,8 @@ CREATE TABLE user_details (
 
 COMMENT ON COLUMN user_details.phone IS 'JiHu-specific column';
 
+COMMENT ON COLUMN user_details.password_last_changed_at IS 'JiHu-specific column';
+
 CREATE SEQUENCE user_details_user_id_seq
     START WITH 1
     INCREMENT BY 1
diff --git a/spec/migrations/20221008032350_add_password_expiration_migration_spec.rb b/spec/migrations/20221008032350_add_password_expiration_migration_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..05e557f1f52313b76104b2a331e049d99f7f1cc7
--- /dev/null
+++ b/spec/migrations/20221008032350_add_password_expiration_migration_spec.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+require_migration!
+
+RSpec.describe AddPasswordExpirationMigration do
+  let(:application_setting) { table(:application_settings).create! }
+
+  describe "#up" do
+    it 'allows to read password expiration fields' do
+      migrate!
+
+      expect(application_setting.password_expiration_enabled).to eq false
+      expect(application_setting.password_expires_in_days).to eq 90
+      expect(application_setting.password_expires_notice_before_days).to eq 7
+    end
+  end
+end
diff --git a/spec/migrations/20221012033107_add_password_last_changed_at_to_user_details_spec.rb b/spec/migrations/20221012033107_add_password_last_changed_at_to_user_details_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..46a7b097d02959c9533acb1e3591590230df63c0
--- /dev/null
+++ b/spec/migrations/20221012033107_add_password_last_changed_at_to_user_details_spec.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+require_migration!
+
+RSpec.describe AddPasswordLastChangedAtToUserDetails do
+  let_it_be(:namespace) { table(:namespaces).create!(name: 'user', path: 'user') }
+  let_it_be(:users) { table(:users) }
+  let_it_be(:user) { create_user! }
+  let(:user_detail) { table(:user_details).create!(user_id: user.id, provisioned_by_group_id: namespace.id) }
+
+  describe "#up" do
+    it 'allows to read password_last_changed_at' do
+      migrate!
+
+      expect(user_detail.password_last_changed_at).to eq nil
+    end
+  end
+
+  private
+
+  def create_user!(name: "Example User", email: "user@example.com", user_type: nil)
+    users.create!(
+      name: name,
+      email: email,
+      username: name,
+      projects_limit: 0,
+      user_type: user_type,
+      confirmed_at: Time.current
+    )
+  end
+end