You can create a password policy for the specified environment. The POST /environments/{{envID}}/passwordPolicies operation creates a password policy. The request body specifies values for the properties associated with the password policy.

The following password requirements property values cannot be modified at this time, but they can be excluded from the request to turn the requirement off.

Password requirement Fixed value Can be excluded
length.max 255 Yes
length.min 8 Yes
maxRepeatedCharacters 2 Yes
minCharacters abcdefghijklmnopqrstuvwxyz": 1,
“ABCDEFGHIJKLMNOPQRSTUVWXYZ”: 1,
“0123456789”: 1,
"~!@#$%^&*()-_=+[]{}|;:,.<>/?": 1
Yes
minComplexity 7 Yes
minUniqueCharacters 5 Yes

The following password requirements property values can be modified, and they can be excluded from the request to turn the requirement off.

Password requirement Default value Can be excluded
maxAgeDays 182 Yes
minAgeDays 1 Yes

The minimum value for maxAgeDays is minAgeDays + 21 (the expiration warning interval).

The following password policy rules can be changed to any positive integer, and these properties can be excluded from the request to turn the requirement off. If history is included, both values, count and retentionDays, must be defined. Likewise, if lockout is included, both values, failureCount and durationSeconds, must be defined.

Password policy rule Default value Can be excluded
history.count 6 Yes
history.retentionDays 365 Yes
lockout.durationSeconds 900 Yes
lockout.failureCount 5 Yes

Password attributes with boolean values such as default, excludesProfileData, notSimilarToCurrent, and excludesCommonlyUsed are required. The rule can be turned on or off by changing the value.