
Configure Password Policy

You can configure password requirements for people who use your apps. When you configure a password policy, the policy applies to all users across all your apps in the tenant.

To use the Express console: Go to Configure > Password Policy.



To use the Express REST APIs: In the Express Postman Collection, go to Authentication APIs > Authentication. To use the Express APIs: In the Postman collection, go to Management APIs > Password Policies.


Password Policy API Options

| Property | Options |
| --- | --- |
| disallowFirstNamePart | True = Any part of first name not allowed (case insensitive) |
| disallowLastNamePart | True = Any part of last name not allowed (case insensitive) |
| lockoutPasswordAttempts | Number of failed password attempts allowed before locking an account. 0 = Lockout disabled |
| maxPasswordAge | Number of months password is valid. Maximum = 24855. 0 = No maximum age |
| minPasswordLength | Number of characters allowed. Minimum = 8. Maximum = 64 |
| requireEmailVerification | True = User must verify new account by email |
| requireLowerCaseLetter | True = Minimum 1 lowercase letter required |
| requireNumber | True = Minimum 1 number required |
| requireSymbol | True = Minimum 1 special character required from: ~ ! @ # $ % ^ & * ( ) - _ = + [ ] { } \| ; : , . < > / ? |
| requireUpperCaseLetter | True = Minimum 1 uppercase letter required |
| selfServeUnlockDuration | Number of minutes before account can be unlocked. Minimum = 1. Maximum = 30 |

For example, if you want to change password policy options, use the following REST call. Substitute your TENANT_NAME and ACCESS_TOKEN. Include desired settings in the data (-d) block of your REST call, as shown here:


curl -X PUT \
  https://api-TENANT_NAME.forgeblocks.com/v1/password-policy \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer ACCESS_TOKEN' \
  -H 'cache-control: no-cache' \
  -d '{
    "disallowFirstNamePart": true,
    "disallowLastNamePart": true,
    "lockoutPasswordAttempts": 5,
    "maxPasswordAge": 0,
    "minPasswordLength": 10,
    "requireEmailVerification": true,
    "requireLowerCaseLetter": true,
    "requireNumber": true,
    "requireSymbol": true,
    "requireUpperCaseLetter": true,
    "selfServeUnlockDuration": 10
  }'

Note: If you don’t include one or more of the properties in the REST call, you’ll see an error message to that effect, such as:

{
  "errors": [
    {
      "code": 0,
      "message": "\"lockoutPasswordAttempts\" is required"
    }
  ]
}
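
Because the call rejects a body with any property missing, it helps to lint the policy locally before sending it. The following is an added example, not part of the Express documentation or API: it checks a JSON body against the required properties and ranges listed in the table above. The function name `check_policy`, the wording of its messages and the sample body are assumptions of this example.

```python
import json

# Constraints transcribed from the property table on this page.
BOOL_PROPS = ("disallowFirstNamePart", "disallowLastNamePart",
              "requireEmailVerification", "requireLowerCaseLetter",
              "requireNumber", "requireSymbol", "requireUpperCaseLetter")
# (minimum, maximum); None means the page states no upper bound.
INT_PROPS = {
    "lockoutPasswordAttempts": (0, None),  # 0 = lockout disabled
    "maxPasswordAge": (0, 24855),          # months; 0 = no maximum age
    "minPasswordLength": (8, 64),
    "selfServeUnlockDuration": (1, 30),    # minutes
}

def check_policy(payload):
    """Return problems found in a JSON policy body; an empty list means OK."""
    try:
        policy = json.loads(payload)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(policy, dict):
        return ["policy body must be a JSON object"]
    problems = []
    for name in BOOL_PROPS:
        if name not in policy:
            problems.append(f'"{name}" is required')
        elif not isinstance(policy[name], bool):
            problems.append(f'"{name}" must be true or false')
    # bool is a subclass of int in Python, so the integer check excludes it.
    for name, (low, high) in INT_PROPS.items():
        value = policy.get(name)
        if name not in policy:
            problems.append(f'"{name}" is required')
        elif isinstance(value, bool) or not isinstance(value, int):
            problems.append(f'"{name}" must be an integer')
        elif value < low or (high is not None and value > high):
            problems.append(f'"{name}" = {value} is outside the documented range')
    unknown = sorted(set(policy) - set(BOOL_PROPS) - set(INT_PROPS))
    return problems + [f'"{n}" is not a documented property' for n in unknown]

# Constructed sample: the page's example body with "lockoutPasswordAttempts"
# left out and "minPasswordLength" set below the documented minimum.
SAMPLE = json.dumps({
    "disallowFirstNamePart": True, "disallowLastNamePart": True,
    "maxPasswordAge": 0, "minPasswordLength": 6, "selfServeUnlockDuration": 10,
    "requireEmailVerification": True, "requireLowerCaseLetter": True,
    "requireNumber": True, "requireSymbol": True, "requireUpperCaseLetter": True,
})
if __name__ == "__main__":
    print("\n".join(check_policy(SAMPLE)))
```

An empty result means the body satisfies every constraint this page documents; the service itself remains the authority on what it accepts.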
