Password Policy Tab
Use the password policy tab to select and create password policies which apply to specified applications.
The password policy panel contains the following:
Name
The name of your password policy.
Description
A brief description of the password policy.
Click an existing password policy to edit it or click Create New Policy to configure one from scratch.
Password Policy Name
The name of your password policy.
Password Policy Description
A brief description of the password policy.
Minimum number of characters
The minimum number of characters required for a valid password.
Maximum number of characters
The maximum number of characters allowed for a valid password.
Minimum number of letters
The minimum number of letters required for a valid password.
Minimum number of character type constraints to meet
The minimum number of character types (digits, uppercase, lowercase, special) that a valid password must contain.
Minimum number of digits
The minimum number of numerical digits required for a valid password.
Minimum number of uppercase letters
The minimum number of uppercase letters required for a valid password.
Minimum number of lowercase letters
The minimum number of lowercase letters required for a valid password.
Minimum number of special characters
The minimum number of special characters required for a valid password.
Number of repeated characters allowed
The maximum number of consecutive repeated characters allowed in a valid password. For example, if this option is set to 2, "cloudd" and "cclooud" are valid, but "clouddd," "cloooud" and "cccloud" are invalid. This value also sets the maximum number of occurrences of repeated characters allowed in a valid password. For example, if this option is set to 2, "happy123" is valid; however, "happy22" and "happpy123" are not.
In this example, "cclooudd" is an invalid password, and the following error message is displayed: Password should not contain more than 2 occurrence(s) of the repeated characters. Likewise, "clouddd" is an invalid password, and the following error message is displayed: Password should not contain more than 2 consecutive repeated characters.
Setting this value to zero has the same effect as leaving this field blank, allowing any number of repeated and consecutive characters.
To prevent the use of any consecutive repeated characters, set this value to 1. Setting the value to 1 does not prevent using a character more than once, as long as the characters are not consecutive. For example, with a value of 1, "kitkat" is valid but "kitten" is not.
Password history length
The number of past passwords that cannot be used again.
Triviality check against old password
Ensure that the shorter of the old and new password is not a substring of the other.
Both passwords are changed to upper case prior to the check.
Minimum number of characters by position
The minimum number of unique characters by position in the new password. Can be used to ensure that not just the first or last character is being changed.
Select Case sensitive check to ensure that more than just the case is changing in the new password.
Validate passwords against the password dictionary
Select this option to disallow the use of any password defined in the password dictionary. The password dictionary is a configurable list of terms unavailable for use as passwords. It is the passwordDictionary.xml file, located in the IdentityIQ /WEB-INF/config/ directory.
Validate passwords against the identity's list of attributes
Select to disallow the use of Identity attribute values as passwords.
Validate password against the account's display name
Select to disallow the use of the account's display name as the password (exact match by default).
Enter a Minimum word length to define the minimum length of a substring of the account’s display name allowed in the password.
Validate password against account ID
Select to disallow the use of the account's ID as the password (exact match by default).
Enter a Minimum word length to define the minimum length of a substring of the display name of the account allowed in the password.
Validate passwords against the identity's account attributes
Select to disallow the use of Identity link attribute values as passwords.
Enter a Minimum word length to define the minimum length of a substring of the account's ID allowed in the password.
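The two settings that compare the new password with the old one (Triviality check against old password and Minimum number of characters by position) can be modelled as follows. This is an added example, not IdentityIQ code: the function names and the ignore_case parameter are hypothetical, the passwords are constructed samples, and it assumes that positions beyond the end of the shorter password count as changed and that the case option is modelled by comparing case-folded characters.

```python
# Added illustration: a stand-alone model of two settings described above.
# It is not IdentityIQ code and does not call any IdentityIQ API.

def is_trivial_change(old: str, new: str) -> bool:
    """Triviality check: the shorter of the two passwords must not be a
    substring of the other. Both are upper-cased first, as the page states."""
    a, b = old.upper(), new.upper()
    shorter, longer = (a, b) if len(a) <= len(b) else (b, a)
    return shorter in longer


def changed_positions(old: str, new: str, ignore_case: bool = True) -> int:
    """Count positions at which the new password differs from the old one.

    Assumption: positions past the end of the shorter password count as
    changed. ignore_case=True (hypothetical name) models 'more than just
    the case is changing': a pure case flip at a position is not a change.
    """
    if ignore_case:
        old, new = old.upper(), new.upper()
    overlap = sum(1 for o, n in zip(old, new) if o != n)
    return overlap + abs(len(old) - len(new))


def check_against_old(old: str, new: str, min_changed: int,
                      ignore_case: bool = True) -> list:
    """Return the names of the violated checks (empty list = accepted)."""
    problems = []
    if is_trivial_change(old, new):
        problems.append("trivial")
    if changed_positions(old, new, ignore_case) < min_changed:
        problems.append("too_few_positions")
    return problems


if __name__ == "__main__":
    old = "Winter2023!"  # constructed sample values, not real credentials
    for new in ("Winter2023!!", "Winter2024!", "wINTER2023?", "Maple-Cart-91"):
        print(new, check_against_old(old, new, min_changed=4))
```

A password history check alone accepts "Winter2024!" after "Winter2023!" because the strings differ; the positional check is what rejects an increment of a single character.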
Configure Password Filter
Select a filter that selects the identities to which this password policy applies. Select from the following filters:
- All – all identities have this password policy applied.
- Match List – only identities whose criteria match those specified in the list. The criteria are configured using the tools provided. Add identity attributes, application attributes and application permissions. Customize further by creating attribute groups to which this password policy applies.
  Note: If Is Null is selected, the associated value text box is disabled. When the Is Null match is processed, the term matches users on the chosen application who have a null value for that attribute/permission.
- Filter – use an XML filter or compound filter to determine the identities to which this password policy applies.
- Script – use a BeanShell script to determine the identities to which this password policy applies.
- Rule – use a rule to determine the identities to which this password policy applies.
- Population – select a population to which this password policy applies.