To add a password policy:
- On the Manage Password Policies tab, click Add Password Policy.
- In the Policy Name field, enter the name of the new password policy.
- (Optional) In the Minimum Length field, enter the minimum number of characters that users are required to have in their password.
- In the Warn After (days) field, enter the number of days that will pass before users are warned that their passwords are set to expire on a specific date. This value must be less than the value entered in the Expires After (days) field.
- In the Expires After (days) field, enter the number of days that will pass before users' passwords expire. This value must be greater than the value entered in the Warn After (days) field.
- (Optional) In the Disallow Past Passwords field, enter the frequency at which old passwords can be reused. This policy ensures that users do not change back and forth among a set of common passwords.
- (Optional) In the Minimum Password Age field, enter the length of time (in days) users must keep their passwords before they are allowed to change them again. This value must be less than the value entered in the Expires After (days) field.
- In the Policy Type menu, select one of the following:
- Complex: The password policy uses a standard set of password rules.
- Custom: The password policy uses a custom set of password rules. If you select Custom, the custom policy rules appear on the Complex Policy Rules tab in the lower pane. Set the custom policy rules as needed. See Custom Policy Rules for details.
- On the Assigned Companies tab in the lower pane, do the following to assign the password policy to one or more companies:
Notes:
- If the password policy assigned to a company is modified or a new password policy is assigned to a company, existing users with established passwords are not required to change their password immediately. However, when those users do change their password (for example, due to password expiration or password reset), the new password must conform to the new password policy. Oracle recommends that you reset the passwords of users that belong to a company whose password policy has been changed.
- OIM Only: If a partner company inherits the password policy of the owning company and the owning company password policy is modified, the partner company password policy is modified accordingly.
- This step is optional. You can assign the password policy to a company later.
- Click Manage Assignments.
- In the Available pane, select the companies for the password policy. Hold down the Control key and click to select more than one application.
- Click Add to selected column.
- Click Assign.
- Click Save.