Configuring Password Policies
Use the password policy tab to select and create password policies which apply to specified applications.
You can either create a new password policy or select an existing password policy.
To create a new password policy, select Create New Policy, make the appropriate selections, and apply a password filter on the configure password page.
To add an existing policy, select Add Existing Policy, and select the appropriate policy and password filter from the dropdown list on the configure password page.
The create new password policy page contains the following options:

The name of your password policy.

A brief description of the password policy.
Select an existing password policy to edit it or click Create New Policy to configure one from scratch.
Password Policy Options:

The name of your password policy.

A brief description of the password policy.

The minimum number of characters required for a valid password.

The maximum number of characters allowed for a valid password.

The minimum number of letters required for a valid password.

The minimum number of character types (digits, upper case, lower case, special) allowed for a valid password.

The maximum number of numerical digits allowed for a valid password.

The minimum number of uppercase letters required for a valid password.

The minimum number of lowercase letters required for a valid password.

The minimum number of special characters required for a valid password.

The maximum number of consecutive repeated characters allowed in a valid password. For example, if this option is set to 2, "cloudd" and "cclooud" are valid, but "clouddd", "cloooud" and "cccloud" are invalid.
For the invalid password "cclooudd", the following error message is displayed: Password should not contain more than 2 occurrence(s) of the repeated characters.
For the invalid password "Clouddd", the following error message is displayed: Password should not contain more than 2 consecutive repeated characters.
The maximum number of occurrences of repeated characters allowed in a valid password. For example, if this option is set to 1, "happy123" is valid, but "happy123dd" and "happpy123" are not.

The number of past passwords that cannot be used again.

Ensure that the shorter of the old and new password is not a substring of the other.
Both passwords are changed to upper case prior to the check.

The minimum number of unique characters by position in the new password. Can be used to ensure that not just the first or last character is being changed.
Select Case sensitive check to ensure that more than just the case is changing in the new password.

Select this option to disallow the use of any password defined in the password dictionary. The password dictionary is a configurable list of terms unavailable for use as passwords. The passwordDictionary.xml file is located in IdentityIQ /WEB-INF/config/.

Select to disallow the use of Identity attribute values as passwords.

Select to disallow the use of the account’s display name as the password (exact match by default).
Enter a Minimum word length to define the minimum length of a substring of the account’s display name allowed in the password.

Select to disallow the use of the account’s ID as the password (exact match by default).
Enter a Minimum word length to define the minimum length of a substring of the display name of the account allowed in the password.
Validate passwords against the identity's account attributes
Select to disallow the use of Identity link attribute values as passwords.
Enter a Minimum word length to define the minimum length of a substring of the account’s ID allowed in the password.

Select a filter that selects the identities to which this password policy applies. Select from the following filters:
- All — all identities have this password policy applied
- Match List — only identities whose criteria match that specified in the list. The criteria is configured using the tools provided. Add identity attributes, application attributes and application permissions. Customize further by creating attribute groups to which this password policy applies. If Is Null is selected, the associated value text box is disabled. When the is null match is processed, the term matches users on the chosen application who have a null value for that attribute/permission.
- Filter — use an XML filter or compound filter to determine the identities to which this password policy applies.
- Script — use a BeanShell script to determine the identities to which this password policy applies.
- Rule — use a rule to determine the identities to which this password policy applies.
- Population — select a population to which this password policy applies.
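
The repeated-character limits and the old/new substring check described under Password Policy Options, sketched as an added Python example (not IdentityIQ code). It assumes an "occurrence" of repeated characters is one adjacent pair of equal characters, compared case-sensitively, which agrees with the examples on this page; the function names and the substring message are hypothetical.

```python
from itertools import groupby

# Messages quoted on the page; {n} is the configured limit.
MSG_CONSECUTIVE = "Password should not contain more than {n} consecutive repeated characters."
MSG_REPEATED = "Password should not contain more than {n} occurrence(s) of the repeated characters."
# Constructed message: the page does not give the product's wording for this rule.
MSG_SUBSTRING = "constructed message: old and new password contain one another"


def longest_run(password):
    """Length of the longest run of one character repeated back to back."""
    return max((len(list(run)) for _, run in groupby(password)), default=0)


def repeated_pairs(password):
    """Adjacent equal pairs: the assumed meaning of an 'occurrence' ("ppp" is two)."""
    return sum(1 for a, b in zip(password, password[1:]) if a == b)


def is_substring_reuse(old, new):
    """True if the shorter password is contained in the longer, both upper-cased."""
    short, long_ = sorted((old.upper(), new.upper()), key=len)
    return short in long_


def check(new, old="", max_consecutive=None, max_repeated=None):
    """Return the list of violated rules; an empty list means the password passes."""
    errors = []
    if max_consecutive is not None and longest_run(new) > max_consecutive:
        errors.append(MSG_CONSECUTIVE.format(n=max_consecutive))
    if max_repeated is not None and repeated_pairs(new) > max_repeated:
        errors.append(MSG_REPEATED.format(n=max_repeated))
    if old and is_substring_reuse(old, new):  # skip when there is no old password
        errors.append(MSG_SUBSTRING)
    return errors


if __name__ == "__main__":
    # Sample passwords taken from the page's own examples, both limits set to 2.
    for candidate in ("cloudd", "cclooud", "Clouddd", "cclooudd"):
        print(candidate, check(candidate, max_consecutive=2, max_repeated=2))
    # Constructed pair: only the case and one appended character change.
    print(check("winter2023!", old="Winter2023"))
```

With both limits set to 2, "Clouddd" fails only the consecutive rule and "cclooudd" fails only the occurrence rule, matching the two error messages quoted above.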