Introduction

Different password policies can be defined for each target system. The policy always consists of a combination of a regex pattern array and a validation text, which in turn is defined as a name key. The name key in turn allows the text to be translated into multiple languages.

Regex-Pattern-Array

The regex pattern array is a list of several regex patterns. This list must be entered in the JSON syntax.

Example multiple conditions:

[ ".{8,32}", "[A-Z]", "[a-z]", "[0-9]" ]

Beispiel einfache Bedingung:

[ ".{8,32}" ]

Validation text

For each regex pattern array a validation text can be defined, which is displayed to the user if one of the patterns does not apply.

Default-Guideline

If no password policy is assigned to a target system, the default policy applies, which has the following conditions defined:

• At least one capital letter

• At least one lowercase letter

• Length between 8 and 32 characters

Generate Password Workflow Definition Id

Whenever a new password for an identity with the the given password policy has to be generated, you can specify a workflow to override the default behavior. The default behavior calculates the new password that matches the default password policy.

If you have configured a more complex password policy or you want tho check the generated password against an external system, against a customized password black list or any other special use case, use your own workflow. The Generate Random String activity is particularly useful in this case.

The workflow that will be triggered does have the default input data and no additional input.