Using deny lists in the Identity Platform
Applies to Identity Platform release 24.04 or later
Use deny lists in the SecureAuth Identity Platform to define banned passwords when users reset their passwords. You can add keywords manually, one at a time, or do a bulk upload using a CSV file.
Note
Keywords in a deny list are case sensitive. A password that is an exact match for a keyword is rejected.
After you set up your deny lists, you include them in a password policy. Then, you attach the password policy to an authentication policy. You can have more than one deny list in a password policy.
To add a password policy, see Using a password policy in the Identity Platform.
To attach a password policy to an authentication policy, see Policy configuration - Login workflow.
Deny list CSV file upload requirements
There is no file size limit or limit on the number of keywords you can upload. The CSV file format can be a single line with keywords separated by a comma like the following:
Example CSV format with comma-separated values in one cell
123456,123456789,qwerty,password,1111111,12345678,abc123,1234567,password1,12345,1234567890,123123,000000
Alternatively, you can have a CSV file with keywords in a single column like the following:
Example CSV format with comma-separated values in one column
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
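Under the case-sensitive, exact-match rule in the Note, a list that holds only password would not match Password. The following added example (not SecureAuth code) parses both CSV layouts shown above, models that rule, and writes a single-column file that also carries lowercase, uppercase and capitalized forms of each keyword. The function names, the trimming of surrounding whitespace and the sample data are assumptions made for the illustration.

```python
import csv
import io

def load_keywords(text):
    """Parse either layout the page describes: one comma-separated line
    or one keyword per row. Blank cells are dropped, order is kept."""
    seen, out = set(), []
    for row in csv.reader(io.StringIO(text)):
        for cell in row:
            kw = cell.strip()  # assumption: surrounding whitespace is noise
            if kw and kw not in seen:
                seen.add(kw)
                out.append(kw)
    return out

def would_reject(password, keywords):
    """Model of the Note above: case-sensitive exact match only."""
    return password in set(keywords)

def with_case_variants(keywords):
    """Add lower, UPPER and Capitalized forms of each keyword, since a
    case-sensitive list does not cover them on its own."""
    seen, out = set(), []
    for kw in keywords:
        for v in (kw, kw.lower(), kw.upper(), kw.capitalize()):
            if v not in seen:
                seen.add(v)
                out.append(v)
    return out

def to_single_column_csv(keywords):
    """Serialize as one keyword per row, the single-column layout."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows([kw] for kw in keywords)
    return buf.getvalue()

# Constructed sample input: the two layouts from the page, shortened.
ONE_LINE = "123456,qwerty,password,abc123,password\n"
ONE_COLUMN = "2019\n2020\n\n2020\n"

if __name__ == "__main__":
    base = load_keywords(ONE_LINE) + load_keywords(ONE_COLUMN)
    for candidate in ("password", "Password", "QWERTY", "password1"):
        print(candidate, would_reject(candidate, base),
              would_reject(candidate, with_case_variants(base)))
    print(to_single_column_csv(with_case_variants(base)), end="")
```

In this model password1 is not rejected by either list, because only exact matches count; such strings have to be listed as keywords themselves.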
Adding keywords to a deny list
In the Identity Platform, on the left side of the page, click Deny Lists.
Do one of the following:
To add a new deny list, click New Deny List and give it a name.
To edit a deny list, click the pencil icon next to the name of the deny list to edit.
Do one of the following:
To add a single keyword, in the Add keywords field, type the keyword and press Enter.
To bulk upload many keywords, select Upload CSV from the Actions dropdown menu.
Select the .csv file to upload and click Open.
Save your changes.
Next steps
In the password policy, include the deny lists you want to enforce for user password resets.