PasswordPolicy

Create a PasswordPolicy Resource

new PasswordPolicy(name: string, args?: PasswordPolicyArgs, opts?: CustomResourceOptions);

def PasswordPolicy(resource_name, opts=None, auth_provider=None, description=None, email_recovery=None, groups_includeds=None, name=None, password_auto_unlock_minutes=None, password_dictionary_lookup=None, password_exclude_first_name=None, password_exclude_last_name=None, password_exclude_username=None, password_expire_warn_days=None, password_history_count=None, password_max_age_days=None, password_max_lockout_attempts=None, password_min_age_minutes=None, password_min_length=None, password_min_lowercase=None, password_min_number=None, password_min_symbol=None, password_min_uppercase=None, password_show_lockout_failures=None, priority=None, question_min_length=None, question_recovery=None, recovery_email_token=None, skip_unlock=None, sms_recovery=None, status=None, __props__=None);

func NewPasswordPolicy(ctx *Context, name string, args *PasswordPolicyArgs, opts ...ResourceOption) (*PasswordPolicy, error)

public PasswordPolicy(string name, PasswordPolicyArgs? args = null, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args PasswordPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PasswordPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PasswordPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

PasswordPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The PasswordPolicy resource accepts the following input properties:

AuthProvider string: Authentication Provider: OKTA or ACTIVE_DIRECTORY.
Description string: Policy Description
EmailRecovery string: Enable or disable email password recovery: ACTIVE or INACTIVE.
GroupsIncludeds List<string>: List of Group IDs to Include
Name string: Policy Name
PasswordAutoUnlockMinutes int: Number of minutes before a locked account is unlocked: 0 = no limit.
PasswordDictionaryLookup bool: Check Passwords Against Common Password Dictionary.
PasswordExcludeFirstName bool: User firstName attribute must be excluded from the password
PasswordExcludeLastName bool: User lastName attribute must be excluded from the password
PasswordExcludeUsername bool: If the user name must be excluded from the password.
PasswordExpireWarnDays int: Length in days a user will be warned before password expiry: 0 = no warning.
PasswordHistoryCount int: Number of distinct passwords that must be created before they can be reused: 0 = none.
PasswordMaxAgeDays int: Length in days a password is valid before expiry: 0 = no limit.
PasswordMaxLockoutAttempts int: Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
PasswordMinAgeMinutes int: Minimum time interval in minutes between password changes: 0 = no limit.
PasswordMinLength int: Minimum password length.
PasswordMinLowercase int: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
PasswordMinNumber int: If a password must contain at least one number: 0 = no, 1 = yes. Default = 1
PasswordMinSymbol int: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default = 1
PasswordMinUppercase int: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
PasswordShowLockoutFailures bool: If a user should be informed when their account is locked.
Priority int: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last/lowest if not there.
QuestionMinLength int: Min length of the password recovery question answer.
QuestionRecovery string: Enable or disable security question password recovery: ACTIVE or INACTIVE.
RecoveryEmailToken int: Lifetime in minutes of the recovery email token.
SkipUnlock bool: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
SmsRecovery string: Enable or disable SMS password recovery: ACTIVE or INACTIVE.
Status string: Policy Status: ACTIVE or INACTIVE.

AuthProvider string: Authentication Provider: OKTA or ACTIVE_DIRECTORY.
Description string: Policy Description
EmailRecovery string: Enable or disable email password recovery: ACTIVE or INACTIVE.
GroupsIncludeds []string: List of Group IDs to Include
Name string: Policy Name
PasswordAutoUnlockMinutes int: Number of minutes before a locked account is unlocked: 0 = no limit.
PasswordDictionaryLookup bool: Check Passwords Against Common Password Dictionary.
PasswordExcludeFirstName bool: User firstName attribute must be excluded from the password
PasswordExcludeLastName bool: User lastName attribute must be excluded from the password
PasswordExcludeUsername bool: If the user name must be excluded from the password.
PasswordExpireWarnDays int: Length in days a user will be warned before password expiry: 0 = no warning.
PasswordHistoryCount int: Number of distinct passwords that must be created before they can be reused: 0 = none.
PasswordMaxAgeDays int: Length in days a password is valid before expiry: 0 = no limit.
PasswordMaxLockoutAttempts int: Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
PasswordMinAgeMinutes int: Minimum time interval in minutes between password changes: 0 = no limit.
PasswordMinLength int: Minimum password length.
PasswordMinLowercase int: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
PasswordMinNumber int: If a password must contain at least one number: 0 = no, 1 = yes. Default = 1
PasswordMinSymbol int: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default = 1
PasswordMinUppercase int: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
PasswordShowLockoutFailures bool: If a user should be informed when their account is locked.
Priority int: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last/lowest if not there.
QuestionMinLength int: Min length of the password recovery question answer.
QuestionRecovery string: Enable or disable security question password recovery: ACTIVE or INACTIVE.
RecoveryEmailToken int: Lifetime in minutes of the recovery email token.
SkipUnlock bool: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
SmsRecovery string: Enable or disable SMS password recovery: ACTIVE or INACTIVE.
Status string: Policy Status: ACTIVE or INACTIVE.

authProvider string: Authentication Provider: OKTA or ACTIVE_DIRECTORY.
description string: Policy Description
emailRecovery string: Enable or disable email password recovery: ACTIVE or INACTIVE.
groupsIncludeds string[]: List of Group IDs to Include
name string: Policy Name
passwordAutoUnlockMinutes number: Number of minutes before a locked account is unlocked: 0 = no limit.
passwordDictionaryLookup boolean: Check Passwords Against Common Password Dictionary.
passwordExcludeFirstName boolean: User firstName attribute must be excluded from the password
passwordExcludeLastName boolean: User lastName attribute must be excluded from the password
passwordExcludeUsername boolean: If the user name must be excluded from the password.
passwordExpireWarnDays number: Length in days a user will be warned before password expiry: 0 = no warning.
passwordHistoryCount number: Number of distinct passwords that must be created before they can be reused: 0 = none.
passwordMaxAgeDays number: Length in days a password is valid before expiry: 0 = no limit.
passwordMaxLockoutAttempts number: Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
passwordMinAgeMinutes number: Minimum time interval in minutes between password changes: 0 = no limit.
passwordMinLength number: Minimum password length.
passwordMinLowercase number: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
passwordMinNumber number: If a password must contain at least one number: 0 = no, 1 = yes. Default = 1
passwordMinSymbol number: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default = 1
passwordMinUppercase number: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
passwordShowLockoutFailures boolean: If a user should be informed when their account is locked.
priority number: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last/lowest if not there.
questionMinLength number: Min length of the password recovery question answer.
questionRecovery string: Enable or disable security question password recovery: ACTIVE or INACTIVE.
recoveryEmailToken number: Lifetime in minutes of the recovery email token.
skipUnlock boolean: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
smsRecovery string: Enable or disable SMS password recovery: ACTIVE or INACTIVE.
status string: Policy Status: ACTIVE or INACTIVE.

auth_provider str: Authentication Provider: OKTA or ACTIVE_DIRECTORY.
description str: Policy Description
email_recovery str: Enable or disable email password recovery: ACTIVE or INACTIVE.
groups_includeds List[str]: List of Group IDs to Include
name str: Policy Name
password_auto_unlock_minutes float: Number of minutes before a locked account is unlocked: 0 = no limit.
password_dictionary_lookup bool: Check Passwords Against Common Password Dictionary.
password_exclude_first_name bool: User firstName attribute must be excluded from the password
password_exclude_last_name bool: User lastName attribute must be excluded from the password
password_exclude_username bool: If the user name must be excluded from the password.
password_expire_warn_days float: Length in days a user will be warned before password expiry: 0 = no warning.
password_history_count float: Number of distinct passwords that must be created before they can be reused: 0 = none.
password_max_age_days float: Length in days a password is valid before expiry: 0 = no limit.
password_max_lockout_attempts float: Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
password_min_age_minutes float: Minimum time interval in minutes between password changes: 0 = no limit.
password_min_length float: Minimum password length.
password_min_lowercase float: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
password_min_number float: If a password must contain at least one number: 0 = no, 1 = yes. Default = 1
password_min_symbol float: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default = 1
password_min_uppercase float: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
password_show_lockout_failures bool: If a user should be informed when their account is locked.
priority float: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last/lowest if not there.
question_min_length float: Min length of the password recovery question answer.
question_recovery str: Enable or disable security question password recovery: ACTIVE or INACTIVE.
recovery_email_token float: Lifetime in minutes of the recovery email token.
skip_unlock bool: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
sms_recovery str: Enable or disable SMS password recovery: ACTIVE or INACTIVE.
status str: Policy Status: ACTIVE or INACTIVE.

Outputs

All input properties are implicitly available as output properties. Additionally, the PasswordPolicy resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

Look up an Existing PasswordPolicy Resource

Get an existing PasswordPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PasswordPolicyState, opts?: CustomResourceOptions): PasswordPolicy

static get(resource_name, id, opts=None, auth_provider=None, description=None, email_recovery=None, groups_includeds=None, name=None, password_auto_unlock_minutes=None, password_dictionary_lookup=None, password_exclude_first_name=None, password_exclude_last_name=None, password_exclude_username=None, password_expire_warn_days=None, password_history_count=None, password_max_age_days=None, password_max_lockout_attempts=None, password_min_age_minutes=None, password_min_length=None, password_min_lowercase=None, password_min_number=None, password_min_symbol=None, password_min_uppercase=None, password_show_lockout_failures=None, priority=None, question_min_length=None, question_recovery=None, recovery_email_token=None, skip_unlock=None, sms_recovery=None, status=None, __props__=None);

func GetPasswordPolicy(ctx *Context, name string, id IDInput, state *PasswordPolicyState, opts ...ResourceOption) (*PasswordPolicy, error)

public static PasswordPolicy Get(string name, Input<string> id, PasswordPolicyState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AuthProvider string: Authentication Provider: OKTA or ACTIVE_DIRECTORY.
Description string: Policy Description
EmailRecovery string: Enable or disable email password recovery: ACTIVE or INACTIVE.
GroupsIncludeds List<string>: List of Group IDs to Include
Name string: Policy Name
PasswordAutoUnlockMinutes int: Number of minutes before a locked account is unlocked: 0 = no limit.
PasswordDictionaryLookup bool: Check Passwords Against Common Password Dictionary.
PasswordExcludeFirstName bool: User firstName attribute must be excluded from the password
PasswordExcludeLastName bool: User lastName attribute must be excluded from the password
PasswordExcludeUsername bool: If the user name must be excluded from the password.
PasswordExpireWarnDays int: Length in days a user will be warned before password expiry: 0 = no warning.
PasswordHistoryCount int: Number of distinct passwords that must be created before they can be reused: 0 = none.
PasswordMaxAgeDays int: Length in days a password is valid before expiry: 0 = no limit.
PasswordMaxLockoutAttempts int: Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
PasswordMinAgeMinutes int: Minimum time interval in minutes between password changes: 0 = no limit.
PasswordMinLength int: Minimum password length.
PasswordMinLowercase int: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
PasswordMinNumber int: If a password must contain at least one number: 0 = no, 1 = yes. Default = 1
PasswordMinSymbol int: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default = 1
PasswordMinUppercase int: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
PasswordShowLockoutFailures bool: If a user should be informed when their account is locked.
Priority int: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last/lowest if not there.
QuestionMinLength int: Min length of the password recovery question answer.
QuestionRecovery string: Enable or disable security question password recovery: ACTIVE or INACTIVE.
RecoveryEmailToken int: Lifetime in minutes of the recovery email token.
SkipUnlock bool: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
SmsRecovery string: Enable or disable SMS password recovery: ACTIVE or INACTIVE.
Status string: Policy Status: ACTIVE or INACTIVE.

AuthProvider string: Authentication Provider: OKTA or ACTIVE_DIRECTORY.
Description string: Policy Description
EmailRecovery string: Enable or disable email password recovery: ACTIVE or INACTIVE.
GroupsIncludeds []string: List of Group IDs to Include
Name string: Policy Name
PasswordAutoUnlockMinutes int: Number of minutes before a locked account is unlocked: 0 = no limit.
PasswordDictionaryLookup bool: Check Passwords Against Common Password Dictionary.
PasswordExcludeFirstName bool: User firstName attribute must be excluded from the password
PasswordExcludeLastName bool: User lastName attribute must be excluded from the password
PasswordExcludeUsername bool: If the user name must be excluded from the password.
PasswordExpireWarnDays int: Length in days a user will be warned before password expiry: 0 = no warning.
PasswordHistoryCount int: Number of distinct passwords that must be created before they can be reused: 0 = none.
PasswordMaxAgeDays int: Length in days a password is valid before expiry: 0 = no limit.
PasswordMaxLockoutAttempts int: Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
PasswordMinAgeMinutes int: Minimum time interval in minutes between password changes: 0 = no limit.
PasswordMinLength int: Minimum password length.
PasswordMinLowercase int: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
PasswordMinNumber int: If a password must contain at least one number: 0 = no, 1 = yes. Default = 1
PasswordMinSymbol int: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default = 1
PasswordMinUppercase int: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
PasswordShowLockoutFailures bool: If a user should be informed when their account is locked.
Priority int: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last/lowest if not there.
QuestionMinLength int: Min length of the password recovery question answer.
QuestionRecovery string: Enable or disable security question password recovery: ACTIVE or INACTIVE.
RecoveryEmailToken int: Lifetime in minutes of the recovery email token.
SkipUnlock bool: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
SmsRecovery string: Enable or disable SMS password recovery: ACTIVE or INACTIVE.
Status string: Policy Status: ACTIVE or INACTIVE.

authProvider string: Authentication Provider: OKTA or ACTIVE_DIRECTORY.
description string: Policy Description
emailRecovery string: Enable or disable email password recovery: ACTIVE or INACTIVE.
groupsIncludeds string[]: List of Group IDs to Include
name string: Policy Name
passwordAutoUnlockMinutes number: Number of minutes before a locked account is unlocked: 0 = no limit.
passwordDictionaryLookup boolean: Check Passwords Against Common Password Dictionary.
passwordExcludeFirstName boolean: User firstName attribute must be excluded from the password
passwordExcludeLastName boolean: User lastName attribute must be excluded from the password
passwordExcludeUsername boolean: If the user name must be excluded from the password.
passwordExpireWarnDays number: Length in days a user will be warned before password expiry: 0 = no warning.
passwordHistoryCount number: Number of distinct passwords that must be created before they can be reused: 0 = none.
passwordMaxAgeDays number: Length in days a password is valid before expiry: 0 = no limit.
passwordMaxLockoutAttempts number: Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
passwordMinAgeMinutes number: Minimum time interval in minutes between password changes: 0 = no limit.
passwordMinLength number: Minimum password length.
passwordMinLowercase number: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
passwordMinNumber number: If a password must contain at least one number: 0 = no, 1 = yes. Default = 1
passwordMinSymbol number: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default = 1
passwordMinUppercase number: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
passwordShowLockoutFailures boolean: If a user should be informed when their account is locked.
priority number: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last/lowest if not there.
questionMinLength number: Min length of the password recovery question answer.
questionRecovery string: Enable or disable security question password recovery: ACTIVE or INACTIVE.
recoveryEmailToken number: Lifetime in minutes of the recovery email token.
skipUnlock boolean: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
smsRecovery string: Enable or disable SMS password recovery: ACTIVE or INACTIVE.
status string: Policy Status: ACTIVE or INACTIVE.

auth_provider str: Authentication Provider: OKTA or ACTIVE_DIRECTORY.
description str: Policy Description
email_recovery str: Enable or disable email password recovery: ACTIVE or INACTIVE.
groups_includeds List[str]: List of Group IDs to Include
name str: Policy Name
password_auto_unlock_minutes float: Number of minutes before a locked account is unlocked: 0 = no limit.
password_dictionary_lookup bool: Check Passwords Against Common Password Dictionary.
password_exclude_first_name bool: User firstName attribute must be excluded from the password
password_exclude_last_name bool: User lastName attribute must be excluded from the password
password_exclude_username bool: If the user name must be excluded from the password.
password_expire_warn_days float: Length in days a user will be warned before password expiry: 0 = no warning.
password_history_count float: Number of distinct passwords that must be created before they can be reused: 0 = none.
password_max_age_days float: Length in days a password is valid before expiry: 0 = no limit.
password_max_lockout_attempts float: Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
password_min_age_minutes float: Minimum time interval in minutes between password changes: 0 = no limit.
password_min_length float: Minimum password length.
password_min_lowercase float: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
password_min_number float: If a password must contain at least one number: 0 = no, 1 = yes. Default = 1
password_min_symbol float: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default = 1
password_min_uppercase float: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
password_show_lockout_failures bool: If a user should be informed when their account is locked.
priority float: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last/lowest if not there.
question_min_length float: Min length of the password recovery question answer.
question_recovery str: Enable or disable security question password recovery: ACTIVE or INACTIVE.
recovery_email_token float: Lifetime in minutes of the recovery email token.
skip_unlock bool: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
sms_recovery str: Enable or disable SMS password recovery: ACTIVE or INACTIVE.
status str: Policy Status: ACTIVE or INACTIVE.

Package Details

Repository: https://github.com/pulumi/pulumi-okta
License: Apache-2.0
Notes: This Pulumi package is based on the okta Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud