Password Dictionary

The password dictionary is a set of words (or character strings) that have been deemed impermissible as passwords or password contents for the specific IdentityIQ installation. It is populated by importing a Dictionary XML object through the iiq console or the Import from File option under System Setup. The XML looks like this, and the prohibited words in the password dictionary are included as <DictionaryTerm> elements:

Copy

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE sailpoint PUBLIC "sailpoint.dtd" "sailpoint.dtd">
  
 <sailpoint>
    <ImportAction name='merge'>
      <Dictionary name="PasswordDictionary">
       <Terms>
         <DictionaryTerm value="password"/>
         <DictionaryTerm value="identity"/>
       </Terms>
      </Dictionary>
    </ImportAction>
 </sailpoint>

Include the <ImportAction name='merge'> element to add new terms to the dictionary without overwriting the existing dictionary entries. Omit this element to overwrite the dictionary with a new set of terms.

If removing terms or replacing the entire dictionary, then delete the dictionary object first using the console or debug pages. The terminator will handle removing both the Dictionary and the dictionaryTerms.

Note: Terms included in this dictionary are prohibited even as any part of a password when password dictionary validation is enforced. For example, if the term "rock" were included in the password dictionary, these passwords would all be prohibited: rocketlauncher, sprocket, Sh@mrock125. Additionally, validation against the password dictionary is case insensitive, so RocKeTTe would also be prohibited in this case.


	You are here: