You can update the password policy for the specified environment by changing the values of its properties. The PUT /environments/{environmentId}/passwordPolicies/{policyId} operation updates the password policy specified by the policy ID in the request URL. The request body specifies values for the properties associated with the password policy.

The following password requirements property values cannot be modified at this time, but they can be excluded from the request to turn the requirement off.

Password requirement Fixed value Can be excluded
length.min 8 Yes
length.max 255 Yes
maxRepeatedCharacters 2 Yes
minUniqueCharacters 5 Yes
minCharacters abcdefghijklmnopqrstuvwxyz": 1,
“ABCDEFGHIJKLMNOPQRSTUVWXYZ”: 1,
“0123456789”: 1,
"~!@#$%^&*()-_=+[]{}|;:,.<>/?": 1
Yes

The following password requirements property values can be modified, and they can be excluded from the request to turn the requirement off.

Password requirement Default value Can be excluded
maxAgeDays 182 Yes
minAgeDays 1 Yes

The minimum value for maxAgeDays is minAgeDays + 21 (the expiration warning interval).

The following password policy rules can be changed to any positive integer, and these properties can be excluded from the request to turn the requirement off. If history is included, both values, count and retentionDays, must be defined. Likewise, if lockout is included, both values, failureCount and durationSeconds, must be defined.

Password policy rule Default value Can be excluded
history.count 6 Yes
history.retentionDays 365 Yes
lockout.failureCount 5 Yes
lockout.durationSeconds 900 Yes

Password attributes with boolean values such as default, excludesProfileData, notSimilarToCurrent, and excludesCommonlyUsed are required. The rule can be turned on or off by changing the value.

The sample request provided changes the Basic password policy by setting the lockout.failureCount property value to 8.