Using deny lists in the Identity Platform

Applies to Identity Platform release 24.04 or later

Use deny lists in the SecureAuth Identity Platform to define banned passwords when users reset their passwords. You can add keywords manually, one at a time, or do a bulk upload using a CSV file.

Note

Keywords in the deny list are case sensitive. A password is rejected if it is an exact match for a keyword.

After you set up your deny lists, you include them in a password policy. Then, you attach the password policy to an authentication policy. You can have more than one deny list in a password policy.

To add a password policy, see Using a password policy in the Identity Platform.

To attach a password policy to an authentication policy, see Policy configuration - Login workflow.

Deny list CSV file upload requirements

There is no file size limit or limit on the number of keywords you can upload. The CSV file can be a single line with keywords separated by commas, like the following:

Example CSV format with comma-separated values in one cell

123456,123456789,qwerty,password,1111111,12345678,abc123,1234567,password1,12345,1234567890,123123,000000

Alternatively, you can have a CSV file with keywords in a single column like the following:

Example CSV format with comma-separated values in one column

2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
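
The following Python script is an added example, not SecureAuth code. It reads a keyword file in either layout shown above, removes blanks and duplicates, writes a single-column CSV ready for upload, and reports which test passwords the list would miss under the exact, case-sensitive match described in the note. The function names, the whitespace trimming, and the sample inputs are assumptions made for this example.

```python
import csv
import io

def load_keywords(text):
    """Parse deny-list CSV text in either layout: one comma-separated line
    or one keyword per row. Case is preserved because matching is case sensitive."""
    text = text.lstrip("\ufeff")  # drop a UTF-8 BOM that spreadsheet exports often add
    seen, keywords = set(), []
    for row in csv.reader(io.StringIO(text)):
        for cell in row:
            kw = cell.strip()  # assumption: stray spaces around a keyword are unintended
            if kw and kw not in seen:  # skip blanks and exact duplicates
                seen.add(kw)
                keywords.append(kw)
    return keywords

def to_single_column(keywords):
    """Serialise keywords as a one-column CSV (one keyword per row)."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for kw in keywords:
        writer.writerow([kw])
    return out.getvalue()

def is_denied(password, keywords):
    """Model of the documented rule: reject only on an exact, case-sensitive match."""
    return password in set(keywords)

def missing_coverage(candidates, keywords):
    """Return the candidate passwords that the list would NOT reject."""
    return [p for p in candidates if not is_denied(p, keywords)]

# Constructed sample inputs, one per layout.
ONE_LINE = "\ufeff123456, qwerty,password,qwerty,,abc123\n"
ONE_COLUMN = "2019\n2020\n\n2020\n"

if __name__ == "__main__":
    merged = load_keywords(ONE_LINE) + load_keywords(ONE_COLUMN)
    print(to_single_column(merged), end="")
    # Case variants are separate keywords under an exact-match rule.
    tests = ["password", "Password", "QWERTY", "2020"]
    print("not covered:", missing_coverage(tests, merged))
```

Because the match is exact and case sensitive, any case variant you want blocked must be added to the list as its own keyword.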

Adding keywords to a deny list

  1. In the Identity Platform, on the left side of the page, click Deny Lists.

  2. Do one of the following:

    • To add a new deny list, click New Deny List and give it a name.

    • To edit a deny list, click the pencil icon next to the name of the deny list to edit.

  3. Do one of the following:

    • To add a single keyword, in the Add keywords field, type the keyword and press Enter.

    • To bulk upload many keywords, select Upload CSV from the Actions dropdown menu.

      Select the .csv file to upload and click Open.

  4. Save your changes.

Next steps

In the password policy, include the deny lists you want to enforce for user password resets.