24.3 Accessing Password Policy Configuration Page

Once Password Management is enabled, you can configure the Password Policy. Administrators define password policy based on enterprise requirements. When configured, the Password Options and Challenge Options are used by both the Embedded Credential Collector (ECC) and Detached Credential Collector (DCC).

See Understanding Credential Collection and Login for information on the Credential Collection options.

Follow this procedure to access the Password Policy configuration page.

  1. Log in to the Oracle Access Management Console as Administrator.
  2. Click Application Security at the top right of the Oracle Access Management Console.
  3. Click Password Policy in the Application Security console. For detailed information about the options, see Password Policy Configuration Page.

24.3.1 Password Policy Configuration Page

Various options are available on the password policy configuration page.

Figure 24-1 Password Policy Configuration Page


Table 24-2 describes the configurable Password Policy options (as read from left to right in the console). These elements are used by both the ECC and DCC.

Table 24-2 Password Policy Elements

Element Description

Minimum Uppercase Characters

Defines the minimum number of uppercase characters required in a password.

Minimum Lowercase Characters

Sets the minimum number of lowercase characters required in a password.

Minimum Alphabetic Characters

Defines the minimum number of special characters allowed in the password.

Minimum Numeric Characters

Sets the minimum number of numeric characters required in a password.

Minimum Alphanumeric Characters

Defines the minimum number of alphanumeric characters required in a password.

Minimum Special Characters

Sets the minimum number of special characters required in a password.

Maximum Special Characters

Defines the maximum number of special characters allowed in a password.

Minimum Unicode Characters

Defines the minimum number of Unicode characters required in a password.

Maximum Unicode Characters

Sets the maximum number of Unicode characters allowed in a password.

Minimum Password Length

Sets the total minimum number of characters required in a password.

Maximum Password Length

Defines the total maximum number of characters allowed in a password.

Characters Required

Defines the specific characters that are required in a password. No delimiter is needed or allowed in this definition.

Characters Not Allowed

Sets the specific characters that cannot be used in a password. No delimiter is needed or allowed in this definition.

Characters Allowed

Defines all allowed characters in a password. No delimiter is needed or allowed in this definition.

Substrings Not Allowed

Specific character strings that are not allowed in a password. Use a comma as the delimiter in this definition.

Alphabetic Character Must Start Password

Specifies that the first character in a password must be alphabetic, when checked.

Can Include User's Last Name

Specifies that the user's last name is allowed in the password, when checked.

Can Include User's First Name

Specifies that the user's first name is allowed in the password, when checked.

Can Include User ID

Specifies that the user's userID is allowed in the password, when checked.

Warn after (days)

Defines the number of days before a designated date in which a user will be warned about password expiration. For example, you enter 30 in the Expires After (Days) field, and 20 in the Warn After (Days) field, and the password is created on November 1. On November 21, the user will be informed that the password will expire on December 1. This field accepts values from 0 to 999.

Maximum Attempts

Identifies the maximum number of login attempts a user can make before a lockout.

Expire after (days)

Defines the period of time (in days) that the password is valid.

Lockout Duration (minutes)

Identifies the period of time the user is locked out (in minutes) after the designated number of failed login attempts. After this period, the user can attempt a fresh login.

Permanent Lockout

Specifies permanent lockout after the designated number of failed login attempts.

Disallow Last

Defines the number of previous passwords that cannot be used when the user changes her password.

Password Dictionary File

Identifies the physical file on OAM Servers that contains the list of restricted words that cannot be specified in a password.

Password File Delimiter

Defines the delimiter used in the Password Dictionary file to separate various words. For example, if the file contains abc,def,welcome and the dictionary delimiter is comma (,), the words that are restricted and cannot be used in a user password are abc, def, and welcome.

Password Service URL

The location of various password pages.
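
The following Python sketch is an added illustration, not Oracle code and not how OAM implements the policy. It shows how the three delimiter conventions in Table 24-2 differ (no delimiter for character sets, comma for substrings, a configurable delimiter for the dictionary file) and reproduces the Warn after (days) example. The class and function names are hypothetical, and case-insensitive containment matching and the rule that Warn after must be smaller than Expire after are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Policy:
    """Hypothetical container; field names mirror Table 24-2 elements."""
    chars_not_allowed: str = ""        # no delimiter: every character is an entry
    substrings_not_allowed: str = ""   # comma-delimited list
    dictionary_text: str = ""          # contents of the Password Dictionary File
    dictionary_delimiter: str = ","    # Password File Delimiter
    expire_after_days: int = 0
    warn_after_days: int = 0

def split_list(text, delimiter):
    """Split a delimited setting, dropping blanks and surrounding whitespace."""
    return [w.strip() for w in text.split(delimiter) if w.strip()]

def violations(password, policy):
    """Return the reasons a candidate password breaks the policy."""
    found = []
    lowered = password.lower()  # assumption: word and substring checks ignore case
    for ch in sorted(set(policy.chars_not_allowed)):
        if ch in password:
            found.append(f"character not allowed: {ch!r}")
    for sub in split_list(policy.substrings_not_allowed, ","):
        if sub.lower() in lowered:
            found.append(f"substring not allowed: {sub!r}")
    for word in split_list(policy.dictionary_text, policy.dictionary_delimiter):
        if word.lower() in lowered:
            found.append(f"dictionary word: {word!r}")
    return found

def expiry_schedule(created, policy):
    """Return (warning date, expiry date), both counted from creation."""
    # Assumption: a warning that falls on or after expiry is a misconfiguration.
    if not 0 <= policy.warn_after_days < policy.expire_after_days:
        raise ValueError("Warn after must be earlier than Expire after")
    return (created + timedelta(days=policy.warn_after_days),
            created + timedelta(days=policy.expire_after_days))

# Constructed sample policy using the example values from Table 24-2.
SAMPLE = Policy(chars_not_allowed="#$", substrings_not_allowed="pass,1234",
                dictionary_text="abc,def,welcome", dictionary_delimiter=",",
                expire_after_days=30, warn_after_days=20)

if __name__ == "__main__":
    print(violations("Welcome#1", SAMPLE))
    print(expiry_schedule(date(2024, 11, 1), SAMPLE))  # year is constructed
```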