Create Password Policies

Policy Name

Enter the name of the password policy.

Description

Enter the description of the password policy.

Apply

Click Apply to create the password policy.

Cancel

Click Cancel to cancel the changes made to the page.

Minimum Length

Enter the minimum number of characters that a password must contain for the password to be valid.

Minimum Password Age (Days)

Enter the minimum duration in days for which users can use a password.

Warn After (Days)

Enter the number of days that must pass before a user is notified that the user's password will expire on a designated date.

Disallow Past Passwords

Enter the frequency at which old passwords can be reused. This policy ensures that users do not change back and forth among a set of common passwords.

Expires After (Days)

Enter the maximum duration in days for which users can use a password.

Complex Password

Select Complex Password to evaluate password against the complex password criteria. If you select the Complex Password option, then you cannot use the Custom Policy option setup.

Custom Policy

Select Custom Policy to set a custom password policy by using the fields listed in Custom Policy section.

Maximum Length

Enter the maximum number of characters that a password can contain.

Maximum Repeated Characters

Enter the maximum number of times a character can be repeated in a password.

Minimum Numeric Characters

Enter the minimum number of digits that a password must contain.

Minimum Alphanumeric Characters

Enter the minimum number of letters or digits that a password must contain.

Minimum Unique Characters

Enter the minimum number of non-repeating characters that a password must contain.

Minimum Alphabet Characters

Enter the minimum number of letters that a password must contain.

Minimum Uppercase Characters

Enter the minimum number of uppercase letters that a password must contain.

Minimum Lowercase Characters

Enter the minimum number of lowercase letters that a password must contain.

Special Characters: Min

Enter the minimum number of special characters that a password must contain.

Special Characters: Max

Enter the maximum number of special characters that a password can contain.

Unicode Characters:Min

Enter the minimum number of Unicode characters that a password must contain.

Unicode Characters:Max

Enter the maximum number of Unicode characters that a password can contain.

Password File

Enter the path and name of a file that contains predefined terms, which are not allowed as passwords. The file must be stored on the same host on which Oracle Identity Manager is deployed.

File Delimiter

Enter the delimiter character used to separate terms in the password.

Characters Required

Enter the characters that a password must contain.

For example, if you enter x in the Characters Required field, then a password is accepted only if it contains the character x. The character you specify in the Characters Required field must be mentioned in the Characters Allowed field. If you enter a character in the Characters Required field that is not mentioned in the Characters Allowed field, then an error is displayed stating that the required characters must be in the list of allowed characters, and required characters must not be in the list of not allowed characters. In addition, if you specify more than one character, then do not provide delimiters. Commas and white spaces are also considered as characters in this field. For example, if you specify characters such as a,x,c, and then the password is not accepted unless it contains comma.

Characters Allowed

Enter the characters that a password can contain.

Characters Not Allowed

Enter the characters that a password must not contain.

Substrings Not Allowed

Enter the series of consecutive alphanumeric characters that a password must not contain. For example, if you enter oracle in the Substrings Not Allowed field, then a password is not accepted if it contains the letters o, r, a, c, l, and e, in successive order.

Maximum Incorrect Login attempts counter

Enter the maximum number of incorrect login attempt is allowed for a user.

Permanent Lockout

Select if the user has to be permanently lockout for exceeding maximum incorrect login attempt.

Lock Duration

Enter the duration (in minutes) for which the user is locked for exceeding maximum incorrect login attempt.

Start with Alphabet

Select if the password has to begin with a letter.

Disallow First Name

Select if the user's first name will not be accepted as the whole password or as part of the password.

Disallow User ID

Select if the user ID will not be accepted as the whole password or as part of the password.

Disallow Last Name

Select if the user's last name will not be accepted as the whole password or as part of the password.

Enable Challenge Policy Support

Select to enable configuration of challenge questions through password policy.

Allowed Challenges

Select the set of challenge question that has to be shown to the user. The options are: User Defined, Admin Defined, or User or Admin Defined.

Total Questions To Be Collected

Enter the total number of challenge questions a user needs to provide at login.

Minimum Correct Answers When Challenged

Enter the minimum number of correct answers the user needs to provide when he is asked the challenge questions.

Allow Duplicate Responses

Select if duplicate responses are allowed or not.

Minimum Answer Length

Enter the minimum length of answer for the challenge questions.

Lock User After Attempts

Enter the number of attempts before the user is locked if he provided wrong answers to the challenge questions.

View

Choose commands from the View menu to control how the columns are displayed:

• Columns: Click a column header name to quickly show or hide a single column. Select Show All to display all the columns.

Add

When Allowed Challenges is set to Admin Defined, User, or Admin Defined, challenge questions have to be added. Click Add to add challenge questions.

Questions

Enter challenge questions.

Delete

Click Delete to delete the selected challenge question.