Create Password Policy
POST /createSavPasswordPolicy
This API creates a password policy for your organization.
The `Authorization` must have a `Bearer` followed by a `Token`.
Mandatory Parameters:
- `policyname`: Specify a unique name for the policy. You can include names such as ApplicationPolicy to better identify the type of policy.
- `expireafter`: Specify the length of time until a user password expires and must be changed. You can enter only numeric values.

Optional Parameters:
- `description`: Specify an optional description for the policy.
- `scope`: Specify the application or user you wish to apply the policy to.
  - `APPLICATION`: Specify this option if you want to assign the password policy to applications. A policy with this scope cannot be used to validate passwords when users' passwords are changed.
  - `USER`: Specify this option if you want to assign the password policy at the user level. To change or reset user passwords in EIC, at least one password policy with USER scope must be available. This policy is invoked when a user password change or reset is initiated.
- `regex`: You can specify regular expressions (regex) to define specific password patterns.
- `maxrepetedcharacters`: Specify the maximum number of duplicate characters that a password can contain. For example, if you specify `2`, then a password is not accepted if any character is repeated more than two times. You can set a numeric value between `1` and `10`.
- `minimumnumericcharacters`: Specify the minimum number of numeric characters that a password must contain. For example, if you specify `3`, then the password must have at least 3 numbers. You can set a numeric value between `1` and `10`.
- `minimumspecialcharacter`: Specify the minimum number of special characters that a password must contain.
- `minimumalphanumericcharacters`: Specify the minimum number of alphanumeric characters that a password must contain. For example, if the minimum alphanumeric characters value is `8` and the password specified is 'john12', then the password is not accepted because it is two characters short of the configured value of `8` characters.
- `minimumuniquecharacters`: Specify the minimum number of unique characters that a password must contain. Unique characters do not take into consideration duplicate characters.
- `minimumalphabetcharacters`: Specify the minimum number of alphabetic characters that a password must contain.
- `minimumuppercasecharacters`: Specify the minimum number of uppercase letters that a password must contain. For example, if the minimum uppercase characters value is 2 and the password specified is John123, then the password is not accepted because it contains only 1 uppercase letter.
- `minimumlowercasecharacters`: Specify the minimum number of lowercase letters that a password must contain. For example, if the minimum lowercase characters value is 2 and the password specified is JOHn123, then the password is not accepted because it contains only 1 lowercase letter.
- `disallowlastpassword`: Specify the frequency to prevent users from using any previous passwords whose change or reset process was initiated from EIC and not from the target applications. For example, if you specify 10, then users are allowed to reuse a password only after using 10 unique passwords. You can set a numeric value between 1 and 25.
- `useblacklistdictionary`: Specify `YES` to enable the password blacklist dictionary. A password is rejected if its value matches a term in a dictionary that you configure.
- `blacklistedattributes`: Specify the user attributes query to prevent users from using their user or account information.
- `minimumage`: Specify the minimum period, in hours, that limits how frequently users can change the password. For example, if you enter 2, then the user cannot change the password until 2 hours after creating it.
- `regexdescription`: Specify a custom regular expression error message to show if the end user password does not match the regex password policy configuration.
- `sendnotification`: Specify `true` to send notifications to end users informing them of their upcoming password expiration. Notification emails can be sent for both user and account passwords.
- `notificationemailtemplate`:
- `daystonotify`: Specify the number of days before user passwords expire (including service account owners) to send the expiry notification email.
- `primaryidentificationattr`: Specify the parameter to validate the identity of the calling user and make their details visible to the Helpdesk users.
- `secondaryidentificationattr`: Specify the parameter to validate the identity of the calling user and make their details visible to the Helpdesk users.
- `resetpasswordnotification`: You can send user password change or password reset notifications to end users. Specify the email template to customize the notification that the user receives.
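
To see how the count-based parameters combine before you submit a policy, the following added example (not part of the original page and not EIC's own code) evaluates candidate passwords against a policy dictionary that uses the parameter names above. The function name `check_password` is hypothetical, and three interpretations are assumptions: a special character is anything that is not a letter or digit, unique characters means distinct characters, and a repeated character is counted by its total occurrences in the password.

```python
from collections import Counter

def check_password(password, policy):
    """Return the policy parameters the password violates (empty list = accepted).

    Local illustration only; the interpretations below are assumptions,
    not the product's documented matching behaviour.
    """
    counts = Counter(password)
    measured = {
        "minimumnumericcharacters": sum(c.isdigit() for c in password),
        # Assumption: "special" = neither a letter nor a digit.
        "minimumspecialcharacter": sum(not c.isalnum() for c in password),
        "minimumalphanumericcharacters": sum(c.isalnum() for c in password),
        # Assumption: "unique" = number of distinct characters.
        "minimumuniquecharacters": len(counts),
        "minimumalphabetcharacters": sum(c.isalpha() for c in password),
        "minimumuppercasecharacters": sum(c.isupper() for c in password),
        "minimumlowercasecharacters": sum(c.islower() for c in password),
    }
    # A minimum that is absent from the policy is treated as 0 (not enforced).
    failed = [name for name, have in measured.items()
              if have < int(policy.get(name, 0))]

    # Assumption: a character "repeats" by total occurrences, not only in a run.
    limit = policy.get("maxrepetedcharacters")
    if limit is not None and counts and max(counts.values()) > int(limit):
        failed.append("maxrepetedcharacters")
    return failed


if __name__ == "__main__":
    # Constructed sample policy and passwords, reusing the page's own examples.
    policy = {
        "minimumalphanumericcharacters": 8,
        "minimumuppercasecharacters": 2,
        "minimumnumericcharacters": 3,
        "maxrepetedcharacters": 2,
    }
    for candidate in ("john12", "John123", "JOhnson123", "JOhnsonnn123"):
        print(candidate, "->", check_password(candidate, policy) or "accepted")
```
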
Request
Path Parameters
- application/json
Body
Responses
- 200
Create Password Policy
Response Headers
- Access-Control-Allow-Credentials: string
- Access-Control-Allow-Origin: string
- Cache-Control: string
- Date: string
- Expires: string
- Pragma: string
- Referrer-Policy: string
- Server: string
- Set-Cookie: string
- Strict-Transport-Security: string
- Transfer-Encoding: string
- X-Content-Type-Options: string
- X-Frame-Options: string
- X-XSS-Protection: string
Schema
{
"errorcode": 0,
"msg": "success"
}