Introduction
Different password policies can be defined for each target system. A policy always consists of a regex pattern array combined with a validation text. The validation text is defined through a name key, which allows the text to be translated into multiple languages.
Properties
Whenever you are creating or updating a catalog, you have to specify the following properties:
Property | Data Type | Mandatory | Example | Description |
---|---|---|---|---|
| String | | Default Password Policy | The name of the password policy |
| String | | | Whether or not the user must change his password upon the first logon |
| DropDown | | | An optional password expiration rule |
| Bool | | | Whether or not the user's password should be checked against the current password policy upon logon. If the password does not meet the criteria of the password policy, the user is forced to change his password. |
| Bool | | | Whether or not the password should be checked against a blacklist. For details, see the black list section further down the documentation. |
| Bool | | | Whether or not the password should be checked against the current password upon a password change. If enabled, the password will be checked against all provisioned identities of the current core identity. This check is performed in the target system itself and will therefore affect the execution times of a password change. |
| Bool | | | If enabled, the user will be asked to change his password if it's on the black list. If disabled, the user will be presented with a warning instead. |
| Bool | | 1 | The number of password hashes that are kept in the system to check the new password against. If set to 0, none will be kept. |
Regex-Pattern-Array
The regex pattern array is a list of several regex patterns. This list must be entered in the JSON syntax.
...
```json
[ ".{8,32}" ]
```
Validation text
For each regex pattern array a validation text can be defined, which is displayed to the user if one of the patterns does not match.
Default-Guideline
If no password policy is assigned to a target system, the default policy applies, which has the following conditions defined:
...
Regex | Name-Key | Text |
---|---|---|
| Global.Validation.Password.Uppercase | Please enter at least one capital letter |
| Global.Validation.Password.Lowercase | Please enter at least one lowercase letter |
| Global.Validation.Password.Number | Please enter at least one number |
| Global.Validation.Password.specialcharacter | Please enter at least one special character |
| Global.Validation.Password.8To32Characters | Please enter between 8 and 32 letters |
| Global.Validation.Password.DoesNot10charcacter | Please increase the password length to min. 10 character |
...
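
An added example (not part of the product or its documentation) that evaluates regex pattern arrays given in JSON syntax and reports the name keys of the rules a password fails. The function names, the sample passwords and every regex except `.{8,32}` are assumptions, and so is the unanchored search used to apply the patterns, under which `.{8,32}` enforces only the minimum length:

```python
import json
import re

# Name keys are taken from the default guideline table on this page. The
# regexes are constructed for this example; the page's Regex column is empty.
DEFAULT_RULES = [
    ('[ "[A-Z]" ]', "Global.Validation.Password.Uppercase"),
    ('[ "[a-z]" ]', "Global.Validation.Password.Lowercase"),
    ('[ "[0-9]" ]', "Global.Validation.Password.Number"),
    ('[ "[^A-Za-z0-9]" ]', "Global.Validation.Password.specialcharacter"),
    ('[ "^.{8,32}$" ]', "Global.Validation.Password.8To32Characters"),
]


def load_patterns(pattern_array_json):
    """Parse a regex pattern array written in JSON syntax and compile it."""
    patterns = json.loads(pattern_array_json)
    if not isinstance(patterns, list) or not all(isinstance(p, str) for p in patterns):
        raise ValueError("regex pattern array must be a JSON list of strings")
    return [re.compile(p) for p in patterns]


def array_accepts(pattern_array_json, password):
    """True if every pattern in the array matches somewhere in the password
    (unanchored search; an assumption about how patterns are evaluated)."""
    return all(p.search(password) for p in load_patterns(pattern_array_json))


def failed_name_keys(password, rules=DEFAULT_RULES):
    """Return the name key of each rule whose pattern array rejects the password."""
    return [key for array, key in rules if not array_accepts(array, password)]


if __name__ == "__main__":
    print(failed_name_keys("Tr0ub4dor&Horse"))   # constructed sample password
    print(failed_name_keys("short1A"))           # constructed sample password
    too_long = "a" * 40
    # Unanchored, the page's example pattern finds a 32-character substring.
    print(array_accepts('[ ".{8,32}" ]', too_long))
    print(array_accepts('[ "^.{8,32}$" ]', too_long))
```

When writing a length rule, test it with a password longer than the intended maximum to confirm the upper bound is actually enforced by the target system.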