Password
Creates a Password Policy.
This resource allows you to create and configure a Password Policy.
Example Usage
using Pulumi;
using Okta = Pulumi.Okta;
class MyStack : Stack
{
public MyStack()
{
var example = new Okta.Policy.Password("example", new Okta.Policy.PasswordArgs
{
Description = "Example",
GroupsIncludeds =
{
data.Okta_group.Everyone.Id,
},
PasswordHistoryCount = 4,
Status = "ACTIVE",
});
}
}
Coming soon!
import pulumi
import pulumi_okta as okta
example = okta.policy.Password("example",
description="Example",
groups_includeds=[data["okta.group.Group"]["everyone"]["id"]],
password_history_count=4,
status="ACTIVE")import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const example = new okta.policy.Password("example", {
description: "Example",
groupsIncludeds: [okta_group_everyone.id],
passwordHistoryCount: 4,
status: "ACTIVE",
});Create a Password Resource
new Password(name: string, args?: PasswordArgs, opts?: CustomResourceOptions);def Password(resource_name, opts=None, auth_provider=None, description=None, email_recovery=None, groups_includeds=None, name=None, password_auto_unlock_minutes=None, password_dictionary_lookup=None, password_exclude_first_name=None, password_exclude_last_name=None, password_exclude_username=None, password_expire_warn_days=None, password_history_count=None, password_max_age_days=None, password_max_lockout_attempts=None, password_min_age_minutes=None, password_min_length=None, password_min_lowercase=None, password_min_number=None, password_min_symbol=None, password_min_uppercase=None, password_show_lockout_failures=None, priority=None, question_min_length=None, question_recovery=None, recovery_email_token=None, skip_unlock=None, sms_recovery=None, status=None, __props__=None);func NewPassword(ctx *Context, name string, args *PasswordArgs, opts ...ResourceOption) (*Password, error)public Password(string name, PasswordArgs? args = null, CustomResourceOptions? opts = null)- name string
- The unique name of the resource.
- args PasswordArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- opts ResourceOptions
- A bag of options that control this resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PasswordArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PasswordArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
Password Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The Password resource accepts the following input properties:
- Auth
Provider string Authentication Provider:
"OKTA"or"ACTIVE_DIRECTORY". Default is"OKTA".- Description string
Policy Description.
- Email
Recovery string Enable or disable email password recovery: ACTIVE or INACTIVE.
- Groups
Includeds List<string> List of Group IDs to Include.
- Name string
Policy Name.
- Password
Auto intUnlock Minutes Number of minutes before a locked account is unlocked: 0 = no limit.
- Password
Dictionary boolLookup Check Passwords Against Common Password Dictionary.
- Password
Exclude boolFirst Name User firstName attribute must be excluded from the password.
- Password
Exclude boolLast Name User lastName attribute must be excluded from the password.
- Password
Exclude boolUsername If the user name must be excluded from the password.
- Password
Expire intWarn Days Length in days a user will be warned before password expiry: 0 = no warning.
- Password
History intCount Number of distinct passwords that must be created before they can be reused: 0 = none.
- Password
Max intAge Days Length in days a password is valid before expiry: 0 = no limit.“,
- Password
Max intLockout Attempts Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
- Password
Min intAge Minutes Minimum time interval in minutes between password changes: 0 = no limit.
- Password
Min intLength Minimum password length. Default is 8.
- Password
Min intLowercase Minimum number of lower case characters in password.
- Password
Min intNumber Minimum number of numbers in password.
- Password
Min intSymbol Minimum number of symbols in password.
- Password
Min intUppercase Minimum number of upper case characters in password.
- Password
Show boolLockout Failures If a user should be informed when their account is locked.
- Priority int
Priority of the policy.
- Question
Min intLength Min length of the password recovery question answer.
- Question
Recovery string Enable or disable security question password recovery: ACTIVE or INACTIVE.
- Recovery
Email intToken Lifetime in minutes of the recovery email token.
- Skip
Unlock bool When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
- Sms
Recovery string Enable or disable SMS password recovery: ACTIVE or INACTIVE.
- Status string
Policy Status:
"ACTIVE"or"INACTIVE".
- Auth
Provider string Authentication Provider:
"OKTA"or"ACTIVE_DIRECTORY". Default is"OKTA".- Description string
Policy Description.
- Email
Recovery string Enable or disable email password recovery: ACTIVE or INACTIVE.
- Groups
Includeds []string List of Group IDs to Include.
- Name string
Policy Name.
- Password
Auto intUnlock Minutes Number of minutes before a locked account is unlocked: 0 = no limit.
- Password
Dictionary boolLookup Check Passwords Against Common Password Dictionary.
- Password
Exclude boolFirst Name User firstName attribute must be excluded from the password.
- Password
Exclude boolLast Name User lastName attribute must be excluded from the password.
- Password
Exclude boolUsername If the user name must be excluded from the password.
- Password
Expire intWarn Days Length in days a user will be warned before password expiry: 0 = no warning.
- Password
History intCount Number of distinct passwords that must be created before they can be reused: 0 = none.
- Password
Max intAge Days Length in days a password is valid before expiry: 0 = no limit.“,
- Password
Max intLockout Attempts Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
- Password
Min intAge Minutes Minimum time interval in minutes between password changes: 0 = no limit.
- Password
Min intLength Minimum password length. Default is 8.
- Password
Min intLowercase Minimum number of lower case characters in password.
- Password
Min intNumber Minimum number of numbers in password.
- Password
Min intSymbol Minimum number of symbols in password.
- Password
Min intUppercase Minimum number of upper case characters in password.
- Password
Show boolLockout Failures If a user should be informed when their account is locked.
- Priority int
Priority of the policy.
- Question
Min intLength Min length of the password recovery question answer.
- Question
Recovery string Enable or disable security question password recovery: ACTIVE or INACTIVE.
- Recovery
Email intToken Lifetime in minutes of the recovery email token.
- Skip
Unlock bool When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
- Sms
Recovery string Enable or disable SMS password recovery: ACTIVE or INACTIVE.
- Status string
Policy Status:
"ACTIVE"or"INACTIVE".
- auth
Provider string Authentication Provider:
"OKTA"or"ACTIVE_DIRECTORY". Default is"OKTA".- description string
Policy Description.
- email
Recovery string Enable or disable email password recovery: ACTIVE or INACTIVE.
- groups
Includeds string[] List of Group IDs to Include.
- name string
Policy Name.
- password
Auto numberUnlock Minutes Number of minutes before a locked account is unlocked: 0 = no limit.
- password
Dictionary booleanLookup Check Passwords Against Common Password Dictionary.
- password
Exclude booleanFirst Name User firstName attribute must be excluded from the password.
- password
Exclude booleanLast Name User lastName attribute must be excluded from the password.
- password
Exclude booleanUsername If the user name must be excluded from the password.
- password
Expire numberWarn Days Length in days a user will be warned before password expiry: 0 = no warning.
- password
History numberCount Number of distinct passwords that must be created before they can be reused: 0 = none.
- password
Max numberAge Days Length in days a password is valid before expiry: 0 = no limit.“,
- password
Max numberLockout Attempts Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
- password
Min numberAge Minutes Minimum time interval in minutes between password changes: 0 = no limit.
- password
Min numberLength Minimum password length. Default is 8.
- password
Min numberLowercase Minimum number of lower case characters in password.
- password
Min numberNumber Minimum number of numbers in password.
- password
Min numberSymbol Minimum number of symbols in password.
- password
Min numberUppercase Minimum number of upper case characters in password.
- password
Show booleanLockout Failures If a user should be informed when their account is locked.
- priority number
Priority of the policy.
- question
Min numberLength Min length of the password recovery question answer.
- question
Recovery string Enable or disable security question password recovery: ACTIVE or INACTIVE.
- recovery
Email numberToken Lifetime in minutes of the recovery email token.
- skip
Unlock boolean When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
- sms
Recovery string Enable or disable SMS password recovery: ACTIVE or INACTIVE.
- status string
Policy Status:
"ACTIVE"or"INACTIVE".
- auth_
provider str Authentication Provider:
"OKTA"or"ACTIVE_DIRECTORY". Default is"OKTA".- description str
Policy Description.
- email_
recovery str Enable or disable email password recovery: ACTIVE or INACTIVE.
- groups_
includeds List[str] List of Group IDs to Include.
- name str
Policy Name.
- password_
auto_ floatunlock_ minutes Number of minutes before a locked account is unlocked: 0 = no limit.
- password_
dictionary_ boollookup Check Passwords Against Common Password Dictionary.
- password_
exclude_ boolfirst_ name User firstName attribute must be excluded from the password.
- password_
exclude_ boollast_ name User lastName attribute must be excluded from the password.
- password_
exclude_ boolusername If the user name must be excluded from the password.
- password_
expire_ floatwarn_ days Length in days a user will be warned before password expiry: 0 = no warning.
- password_
history_ floatcount Number of distinct passwords that must be created before they can be reused: 0 = none.
- password_
max_ floatage_ days Length in days a password is valid before expiry: 0 = no limit.“,
- password_
max_ floatlockout_ attempts Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
- password_
min_ floatage_ minutes Minimum time interval in minutes between password changes: 0 = no limit.
- password_
min_ floatlength Minimum password length. Default is 8.
- password_
min_ floatlowercase Minimum number of lower case characters in password.
- password_
min_ floatnumber Minimum number of numbers in password.
- password_
min_ floatsymbol Minimum number of symbols in password.
- password_
min_ floatuppercase Minimum number of upper case characters in password.
- password_
show_ boollockout_ failures If a user should be informed when their account is locked.
- priority float
Priority of the policy.
- question_
min_ floatlength Min length of the password recovery question answer.
- question_
recovery str Enable or disable security question password recovery: ACTIVE or INACTIVE.
- recovery_
email_ floattoken Lifetime in minutes of the recovery email token.
- skip_
unlock bool When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
- sms_
recovery str Enable or disable SMS password recovery: ACTIVE or INACTIVE.
- status str
Policy Status:
"ACTIVE"or"INACTIVE".
Outputs
All input properties are implicitly available as output properties. Additionally, the Password resource produces the following output properties:
Look up an Existing Password Resource
Get an existing Password resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PasswordState, opts?: CustomResourceOptions): Passwordstatic get(resource_name, id, opts=None, auth_provider=None, description=None, email_recovery=None, groups_includeds=None, name=None, password_auto_unlock_minutes=None, password_dictionary_lookup=None, password_exclude_first_name=None, password_exclude_last_name=None, password_exclude_username=None, password_expire_warn_days=None, password_history_count=None, password_max_age_days=None, password_max_lockout_attempts=None, password_min_age_minutes=None, password_min_length=None, password_min_lowercase=None, password_min_number=None, password_min_symbol=None, password_min_uppercase=None, password_show_lockout_failures=None, priority=None, question_min_length=None, question_recovery=None, recovery_email_token=None, skip_unlock=None, sms_recovery=None, status=None, __props__=None);func GetPassword(ctx *Context, name string, id IDInput, state *PasswordState, opts ...ResourceOption) (*Password, error)public static Password Get(string name, Input<string> id, PasswordState? state, CustomResourceOptions? opts = null)- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Auth
Provider string Authentication Provider:
"OKTA"or"ACTIVE_DIRECTORY". Default is"OKTA".- Description string
Policy Description.
- Email
Recovery string Enable or disable email password recovery: ACTIVE or INACTIVE.
- Groups
Includeds List<string> List of Group IDs to Include.
- Name string
Policy Name.
- Password
Auto intUnlock Minutes Number of minutes before a locked account is unlocked: 0 = no limit.
- Password
Dictionary boolLookup Check Passwords Against Common Password Dictionary.
- Password
Exclude boolFirst Name User firstName attribute must be excluded from the password.
- Password
Exclude boolLast Name User lastName attribute must be excluded from the password.
- Password
Exclude boolUsername If the user name must be excluded from the password.
- Password
Expire intWarn Days Length in days a user will be warned before password expiry: 0 = no warning.
- Password
History intCount Number of distinct passwords that must be created before they can be reused: 0 = none.
- Password
Max intAge Days Length in days a password is valid before expiry: 0 = no limit.“,
- Password
Max intLockout Attempts Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
- Password
Min intAge Minutes Minimum time interval in minutes between password changes: 0 = no limit.
- Password
Min intLength Minimum password length. Default is 8.
- Password
Min intLowercase Minimum number of lower case characters in password.
- Password
Min intNumber Minimum number of numbers in password.
- Password
Min intSymbol Minimum number of symbols in password.
- Password
Min intUppercase Minimum number of upper case characters in password.
- Password
Show boolLockout Failures If a user should be informed when their account is locked.
- Priority int
Priority of the policy.
- Question
Min intLength Min length of the password recovery question answer.
- Question
Recovery string Enable or disable security question password recovery: ACTIVE or INACTIVE.
- Recovery
Email intToken Lifetime in minutes of the recovery email token.
- Skip
Unlock bool When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
- Sms
Recovery string Enable or disable SMS password recovery: ACTIVE or INACTIVE.
- Status string
Policy Status:
"ACTIVE"or"INACTIVE".
- Auth
Provider string Authentication Provider:
"OKTA"or"ACTIVE_DIRECTORY". Default is"OKTA".- Description string
Policy Description.
- Email
Recovery string Enable or disable email password recovery: ACTIVE or INACTIVE.
- Groups
Includeds []string List of Group IDs to Include.
- Name string
Policy Name.
- Password
Auto intUnlock Minutes Number of minutes before a locked account is unlocked: 0 = no limit.
- Password
Dictionary boolLookup Check Passwords Against Common Password Dictionary.
- Password
Exclude boolFirst Name User firstName attribute must be excluded from the password.
- Password
Exclude boolLast Name User lastName attribute must be excluded from the password.
- Password
Exclude boolUsername If the user name must be excluded from the password.
- Password
Expire intWarn Days Length in days a user will be warned before password expiry: 0 = no warning.
- Password
History intCount Number of distinct passwords that must be created before they can be reused: 0 = none.
- Password
Max intAge Days Length in days a password is valid before expiry: 0 = no limit.“,
- Password
Max intLockout Attempts Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
- Password
Min intAge Minutes Minimum time interval in minutes between password changes: 0 = no limit.
- Password
Min intLength Minimum password length. Default is 8.
- Password
Min intLowercase Minimum number of lower case characters in password.
- Password
Min intNumber Minimum number of numbers in password.
- Password
Min intSymbol Minimum number of symbols in password.
- Password
Min intUppercase Minimum number of upper case characters in password.
- Password
Show boolLockout Failures If a user should be informed when their account is locked.
- Priority int
Priority of the policy.
- Question
Min intLength Min length of the password recovery question answer.
- Question
Recovery string Enable or disable security question password recovery: ACTIVE or INACTIVE.
- Recovery
Email intToken Lifetime in minutes of the recovery email token.
- Skip
Unlock bool When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
- Sms
Recovery string Enable or disable SMS password recovery: ACTIVE or INACTIVE.
- Status string
Policy Status:
"ACTIVE"or"INACTIVE".
- auth
Provider string Authentication Provider:
"OKTA"or"ACTIVE_DIRECTORY". Default is"OKTA".- description string
Policy Description.
- email
Recovery string Enable or disable email password recovery: ACTIVE or INACTIVE.
- groups
Includeds string[] List of Group IDs to Include.
- name string
Policy Name.
- password
Auto numberUnlock Minutes Number of minutes before a locked account is unlocked: 0 = no limit.
- password
Dictionary booleanLookup Check Passwords Against Common Password Dictionary.
- password
Exclude booleanFirst Name User firstName attribute must be excluded from the password.
- password
Exclude booleanLast Name User lastName attribute must be excluded from the password.
- password
Exclude booleanUsername If the user name must be excluded from the password.
- password
Expire numberWarn Days Length in days a user will be warned before password expiry: 0 = no warning.
- password
History numberCount Number of distinct passwords that must be created before they can be reused: 0 = none.
- password
Max numberAge Days Length in days a password is valid before expiry: 0 = no limit.“,
- password
Max numberLockout Attempts Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
- password
Min numberAge Minutes Minimum time interval in minutes between password changes: 0 = no limit.
- password
Min numberLength Minimum password length. Default is 8.
- password
Min numberLowercase Minimum number of lower case characters in password.
- password
Min numberNumber Minimum number of numbers in password.
- password
Min numberSymbol Minimum number of symbols in password.
- password
Min numberUppercase Minimum number of upper case characters in password.
- password
Show booleanLockout Failures If a user should be informed when their account is locked.
- priority number
Priority of the policy.
- question
Min numberLength Min length of the password recovery question answer.
- question
Recovery string Enable or disable security question password recovery: ACTIVE or INACTIVE.
- recovery
Email numberToken Lifetime in minutes of the recovery email token.
- skip
Unlock boolean When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
- sms
Recovery string Enable or disable SMS password recovery: ACTIVE or INACTIVE.
- status string
Policy Status:
"ACTIVE"or"INACTIVE".
- auth_
provider str Authentication Provider:
"OKTA"or"ACTIVE_DIRECTORY". Default is"OKTA".- description str
Policy Description.
- email_
recovery str Enable or disable email password recovery: ACTIVE or INACTIVE.
- groups_
includeds List[str] List of Group IDs to Include.
- name str
Policy Name.
- password_
auto_ floatunlock_ minutes Number of minutes before a locked account is unlocked: 0 = no limit.
- password_
dictionary_ boollookup Check Passwords Against Common Password Dictionary.
- password_
exclude_ boolfirst_ name User firstName attribute must be excluded from the password.
- password_
exclude_ boollast_ name User lastName attribute must be excluded from the password.
- password_
exclude_ boolusername If the user name must be excluded from the password.
- password_
expire_ floatwarn_ days Length in days a user will be warned before password expiry: 0 = no warning.
- password_
history_ floatcount Number of distinct passwords that must be created before they can be reused: 0 = none.
- password_
max_ floatage_ days Length in days a password is valid before expiry: 0 = no limit.“,
- password_
max_ floatlockout_ attempts Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
- password_
min_ floatage_ minutes Minimum time interval in minutes between password changes: 0 = no limit.
- password_
min_ floatlength Minimum password length. Default is 8.
- password_
min_ floatlowercase Minimum number of lower case characters in password.
- password_
min_ floatnumber Minimum number of numbers in password.
- password_
min_ floatsymbol Minimum number of symbols in password.
- password_
min_ floatuppercase Minimum number of upper case characters in password.
- password_
show_ boollockout_ failures If a user should be informed when their account is locked.
- priority float
Priority of the policy.
- question_
min_ floatlength Min length of the password recovery question answer.
- question_
recovery str Enable or disable security question password recovery: ACTIVE or INACTIVE.
- recovery_
email_ floattoken Lifetime in minutes of the recovery email token.
- skip_
unlock bool When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
- sms_
recovery str Enable or disable SMS password recovery: ACTIVE or INACTIVE.
- status str
Policy Status:
"ACTIVE"or"INACTIVE".
Package Details
- Repository
- https://github.com/pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
oktaTerraform Provider.