Using a password policy in the Identity Platform

Use a password policy in the SecureAuth Identity Platform to define password complexity rules and to include deny lists that apply when end users reset passwords and unlock their own accounts. Deny lists can include words, fragments of words, and symbols not allowed in a user password.

After you set up a password policy, attach it in the Password Reset page configuration.

Add or edit an Identity Platform password policy

Note

You can define multiple password policies, but you can associate only one password policy with each internal application.

  1. In the Identity Platform, on the left side of the page, click Password Policies.

  2. Do one of the following:

    • To add a new password policy, click Add Password policies and give it a name.

    • To edit a password policy, click the pencil icon next to the name of the password policy to edit.

  3. Set any of the following password policy rules:

    Password Deny List

    Include one or more deny lists.

    This allows you to include a list of words, fragments of words, and symbols not allowed in any part of a user password.

    For more information on how to set up and use a password deny list, see Using deny lists in the Identity Platform.

    Password Complexity section

    Allowed to contain the user's account name

    Move the slider to allow the username in the password.

    For example, John Smith uses jsmith as his username to log in. If the slider is set to ON, then it allows jsmith as part of his password.

    Minimum length of password

    Set the minimum password length.

    For example, a setting of 20 requires that a password must contain at least 20 characters.

    Minimum number of letters, symbols, and number

    Set the minimum number of character types to include in the password requirements. The available character types are: numbers, symbols, uppercase letters, and lowercase letters.

    For example, if the value is set to 2, the password must contain at least two different types of characters. In this use case, p@ssword is a valid option because it contains two different character types: lowercase letter and symbol. 1234 would be invalid because it contains only one type of character.

    The only possible values are 0-4.

    Numbers (0-9)

    Set the minimum number of numeric characters in a password.

    For example, a value of 1 requires that at least one number must be included in a password, like passw0rd.

    Symbols (all symbols accepted)

    Set the minimum number of symbol characters in a password.

    For example, a value of 1 requires that at least one symbol must be included in a password, like p@ssword.

    English uppercase (A-Z)

    Set the minimum number of uppercase letters in a password.

    For example, a value of 1 requires that at least one uppercase letter must be included in a password, like passWord.

    English lowercase (a-z)

    Set the minimum number of lowercase letters in a password.

    For example, a value of 1 requires that at least one lowercase letter must be included in a password, like pASSWORD.

  4. Save your changes.
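
The rules from step 3 combined into one check, useful for testing candidate settings against sample passwords before you save a policy. This is an added example, not SecureAuth code: the field names, the case-insensitive substring matching for deny-list entries and the account name, and counting every character outside 0-9, A-Z, and a-z as a symbol are assumptions rather than documented product behavior.

```python
from dataclasses import dataclass, field
import string


@dataclass
class PasswordPolicy:
    # Hypothetical field names mirroring the settings in step 3.
    deny_list: list = field(default_factory=list)
    allow_username: bool = False
    min_length: int = 0
    min_char_types: int = 0  # the only possible values are 0-4
    # Per-type minimums keyed "numbers", "symbols", "upper", "lower".
    min_per_type: dict = field(default_factory=dict)


def count_classes(password):
    counts = {"numbers": 0, "symbols": 0, "upper": 0, "lower": 0}
    for ch in password:
        if ch in string.digits:
            counts["numbers"] += 1
        elif ch in string.ascii_uppercase:
            counts["upper"] += 1
        elif ch in string.ascii_lowercase:
            counts["lower"] += 1
        else:
            counts["symbols"] += 1  # assumption: anything else is a symbol
    return counts


def check_password(policy, username, password):
    """Return the list of violated rules; an empty list means the password passes."""
    if not 0 <= policy.min_char_types <= 4:
        raise ValueError("min_char_types must be 0-4")
    failures, lowered = [], password.lower()
    # Assumption: deny-list and account-name checks are case-insensitive substring matches.
    for entry in policy.deny_list:
        if entry and entry.lower() in lowered:
            failures.append(f"deny list entry: {entry}")
    if not policy.allow_username and username and username.lower() in lowered:
        failures.append("contains account name")
    if len(password) < policy.min_length:
        failures.append("too short")
    counts = count_classes(password)
    if sum(1 for n in counts.values() if n > 0) < policy.min_char_types:
        failures.append("too few character types")
    for name, minimum in policy.min_per_type.items():
        if counts[name] < minimum:
            failures.append(f"too few {name}")
    return failures
```
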

Next steps

Go to the Internal Application Manager and attach the password policy in the Password Reset page configuration.