Managing Password Policies
Create and manage group-based password policies for an identity domain in IAM.
Required Policy or Role
- Be a member of the Administrators group
- Be granted the Identity Domain Administrator role or the Security Administrator role
- Be a member of a group granted manage domains
Working with Password Policies
Password policies let you define a set of criteria for user passwords in an identity domain in IAM. The criteria are enforced when a user creates their own password for an identity domain.
Password policies are assigned to groups. All users who are members of the group must meet the requirements of the password policy when creating passwords for their accounts. You can create up to 10 password policies per identity domain and assign each policy a priority. When a user is a member of more than one group, the password policy with the highest priority applies when that user creates their password.
If a user is a member of a group that doesn't have a password policy assigned, the default password policy is enforced.
Password Policy Validation
Password validation doesn't happen at runtime.
Deleting Password Policies
When you delete a password policy, the groups, and therefore the users in those groups, are no longer associated with it. Password criteria for those users revert to the highest-priority password policy assigned to them.
When you delete a group, the password policy attached to the group is no longer assigned to users who had been members of the group. Instead, the highest-priority password policy available is applied to the users.
Types of Password Policies
- Simple: Use this policy for developer services and demos when you don't want to customize a policy for them. You can't change this type of password policy.
- Standard: Use this policy when you don't want to use the Oracle-recommended password policy for your enterprise applications. You can't change this type of password policy.
- Custom: Use this policy to tailor the strength of your password policy to meet the business and security requirements for your enterprise applications. It's your responsibility to make the minimal requirements of the custom password policy strong.
Limits for Password Policies
An identity domain in IAM has the following password policy limits.
You can create up to 10 password policies per identity domain.
You can't assign a group to more than one password policy.
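The following added example (not Oracle's code and not an IAM API call) models the rules from "Working with Password Policies", "Deleting Password Policies" and "Limits for Password Policies" over constructed data, so you can check which policy governs each user before and after a deletion. It assumes that priority 1 is the highest and that the default policy doesn't count toward the 10-policy limit; all class, function, user, group and policy names are hypothetical.

```python
from dataclasses import dataclass

MAX_POLICIES = 10  # per-domain limit stated on this page

@dataclass
class Policy:
    name: str
    priority: int       # assumption: 1 is the highest priority
    groups: frozenset   # groups the policy is assigned to

class Domain:
    def __init__(self, default_name="Default"):
        self.default_name = default_name  # assumption: not counted in the limit
        self.policies = {}

    def add_policy(self, name, priority, groups):
        if len(self.policies) >= MAX_POLICIES:
            raise ValueError("at most 10 password policies per identity domain")
        taken = {g for p in self.policies.values() for g in p.groups}
        clash = taken & set(groups)
        if clash:  # a group can't be assigned to more than one policy
            raise ValueError(f"already assigned: {sorted(clash)}")
        self.policies[name] = Policy(name, priority, frozenset(groups))

    def delete_policy(self, name):
        del self.policies[name]  # members fall back to their next match

    def effective_policy(self, user_groups):
        matches = [p for p in self.policies.values() if p.groups & set(user_groups)]
        if not matches:  # no group of this user has a policy assigned
            return self.default_name
        return min(matches, key=lambda p: p.priority).name

def audit(domain, users):
    """Map each user to the policy that governs their next password."""
    return {u: domain.effective_policy(g) for u, g in users.items()}

# Constructed sample data, not taken from a real identity domain.
USERS = {"alice": ["Administrators", "Developers"], "bob": ["Developers"],
         "carol": ["Contractors"]}  # Contractors has no policy assigned

if __name__ == "__main__":
    d = Domain()
    d.add_policy("Admins-Strict", 1, ["Administrators"])
    d.add_policy("Dev-Simple", 2, ["Developers"])
    print(audit(d, USERS))
    d.delete_policy("Admins-Strict")  # alice drops to her next policy
    print(audit(d, USERS))
```

Running the audit before deleting a policy or group shows which users would move to a weaker policy or to the default.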