You can create a password policy for the specified environment. The POST /environments/{{envID}}/passwordPolicies
operation creates a password policy. The request body specifies values for the properties associated with the password policy.
The following password requirements property values cannot be modified at this time, but they can be excluded from the request to turn the requirement off.
Password requirement | Fixed value | Can be excluded |
---|---|---|
length.max |
255 | Yes |
length.min |
8 | Yes |
maxRepeatedCharacters |
2 | Yes |
minCharacters |
abcdefghijklmnopqrstuvwxyz": 1, “ABCDEFGHIJKLMNOPQRSTUVWXYZ”: 1, “0123456789”: 1, "~!@#$%^&*()-_=+[]{}|;:,.<>/?": 1 |
Yes |
minComplexity |
7 | Yes |
minUniqueCharacters |
5 | Yes |
The following password requirements property values can be modified, and they can be excluded from the request to turn the requirement off.
Password requirement | Default value | Can be excluded |
---|---|---|
maxAgeDays |
182 | Yes |
minAgeDays |
1 | Yes |
The minimum value for maxAgeDays
is minAgeDays
+ 21 (the expiration warning interval).
The following password policy rules can be changed to any positive integer, and these properties can be excluded from the request to turn the requirement off. If history
is included, both values, count
and retentionDays
, must be defined. Likewise, if lockout
is included, both values, failureCount
and durationSeconds
, must be defined.
Password policy rule | Default value | Can be excluded |
---|---|---|
history.count |
6 | Yes |
history.retentionDays |
365 | Yes |
lockout.durationSeconds |
900 | Yes |
lockout.failureCount |
5 | Yes |
Password attributes with boolean values such as default
, excludesProfileData
, notSimilarToCurrent
, and excludesCommonlyUsed
are required. The rule can be turned on or off by changing the value.