The PUT /environments/{{envID}}/users/{{userID}}/password endpoint sets a password for the user identified by the user ID and environment ID. This is most often used when the password is being imported from an external identity provider, and you want to retain the password in PingOne.
This operation uses the application/vnd.pingidentity.password.set+json custom media type as the content type in the request header.
| Property | Type | Required? |
|---|---|---|
value |
String | Required |
forceChange |
Boolean | Required |
password.external.gateway.id |
String | Optional |
password.external.gateway.correlationAttributes |
Object | Optional |
password.external.gateway.correlationAttributes.uid |
String | Optional |
password.external.gateway.correlationAttributes.mail |
String | Optional |
password.external.gateway.userType.id |
String | Optional |
See the User operations data model for full property descriptions.
The request body shows how to specify the optional password.external.gateway object to reference an external gateway for the set password operation, if the user information is stored in an external directory. See the Users Data Model for descriptions of the password.external.gateway properties.
In the request body, the forceChange value specifies whether the user must change the current password on the next login. If forceChange is set to true, the status attribute value is changed to MUST_CHANGE_PASSWORD. If forceChange is omitted from the request, its value is set to false by default, and the status attribute value is set to OK. The bypassPolicy value specifies whether the user’s password policy should be ignored. If this property is omitted from the request, its value is set to false.
The value attribute specifies the value of the new password assigned to this user. The password can be either cleartext or pre-encoded. Cleartext passwords are evaluated against the current password policy. Pre-encoded passwords are not evaluated against the password policy. See Password encoding for our supported encodings for passwords.
If a cleartext password is provided and it does not meet the password quality requirements, the following error is returned.
400 BAD REQUEST
{
"id":"6c796712-0f16-4062-815a-e0a92f4a2143",
"code":"INVALID_DATA",
"message":"The data provided was invalid.",
"details":[
{
"code":"INVALID_VALUE",
"target":"value",
"message":"The password did not satisfy password policy requirements",
"innerError":{
"unsatisfiedRequirements":["excludesProfileData", "length"]
}
}
]
}The password policy attribute names returned in the unsatisfiedRequirements array identify the specific password policy requirements that the submitted password does not meet.