Create Password Policy
POST {{apiPath}}/environments/{{envID}}/passwordPolicies
You can create a password policy for the specified environment. The POST /environments/{{envID}}/passwordPolicies operation creates a password policy. The request body specifies values for the properties associated with the password policy.
Prerequisites
- See Password Policies for important overview information.
See the Password policies data model for full property descriptions.
| Property | Type | Required? |
|---|---|---|
bypassPolicy | Boolean | Optional |
default | Boolean | Required |
description | String | Optional |
excludesCommonlyUsed | Boolean | Required |
excludesProfileData | Boolean | Required |
history.count | Integer | Optional |
history.retentionDays | Integer | Optional |
length.max | Integer | Optional |
length.min | Integer | Optional |
lockout.durationSeconds | Integer | Optional |
lockout.failureCount | Integer | Optional |
maxAgeDays | Integer | Optional |
maxRepeatedCharacters | Integer | Optional |
minAgeDays | Integer | Optional |
minCharacters | String[] | Optional |
minComplexity | Integer | Optional |
minUniqueCharacters | Integer | Optional |
name | String | Required |
notSimilarToCurrent | Boolean | Required |
The following password requirements property values cannot be modified at this time, but they can be excluded from the request to turn the requirement off.
| Password requirement | Fixed value | Can be excluded |
|---|---|---|
length.max | 255 | Yes |
length.min | 8 | Yes |
maxRepeatedCharacters | 2 | Yes |
minCharacters | abcdefghijklmnopqrstuvwxyz: 1, ABCDEFGHIJKLMNOPQRSTUVWXYZ: 1, 0123456789: 1, "~!@#$%&*()-_=+[]{}\ | ;:,.<>/?": 1 |
minComplexity | 7 | Yes |
minUniqueCharacters | 5 | Yes |
The following password requirements property values can be modified, and they can be excluded from the request to turn the requirement off.
| Password requirement | Default value | Can be excluded |
|---|---|---|
maxAgeDays | 182 | Yes |
minAgeDays | 1 | Yes |
The minimum value for maxAgeDays is minAgeDays + 21 (the expiration warning interval).
The following password policy rules can be changed to any positive integer, and these properties can be excluded from the request to turn the requirement off. If history is included, both values, count and retentionDays, must be defined. Likewise, if lockout is included, both values, failureCount and durationSeconds, must be defined.
| Password policy rule | Default value | Can be excluded |
|---|---|---|
history.count | 6 | Yes |
history.retentionDays | 365 | Yes |
lockout.durationSeconds | 900 | Yes |
lockout.failureCount | 5 | Yes |
Password attributes with boolean values such as default, excludesProfileData, notSimilarToCurrent, and excludesCommonlyUsed are required. The rule can be turned on or off by changing the value.
Request Body
{"name"=>"PassphraseCustom1", "description"=>"A policy that encourages the use of passphrases", "excludesProfileData"=>true, "notSimilarToCurrent"=>true, "excludesCommonlyUsed"=>true, "minComplexity"=>7, "maxAgeDays"=>182, "minAgeDays"=>1, "history"=>{"count"=>8, "retentionDays"=>365}, "lockout"=>{"failureCount"=>3, "durationSeconds"=>900}, "default"=>false}
RESPONSES
status: Created
{"_links":{"self":{"href":"https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/passwordPolicies/0604f534-a757-4cc7-acc0-045b115d10b7"},"environment":{"href":"https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"}},"id":"0604f534-a757-4cc7-acc0-045b115d10b7","environment":{"id":"abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"},"name":"PassphraseCustom1","description":"A policy that encourages the use of passphrases","excludesProfileData":true,"notSimilarToCurrent":true,"excludesCommonlyUsed":true,"minComplexity":7,"maxAgeDays":182,"minAgeDays":1,"history":{"count":8,"retentionDays":365},"lockout":{"failureCount":3,"durationSeconds":900},"default":false}