If you set Custom password policy, you can set the following password rules:
- Account Lock Threshold: This rule is available in IDCS only. Enter the number of times a user can enter an incorrect password before the account will be locked.
- Characters Allowed: This rule is available in OIM only. Enter the characters a password can contain. For example, if you enter a percent sign (%), a password must contain a percent sign. A password would not be valid if it contained any character not in this field. For example, if you enter abc, the password dad is not valid because the character d is not specified. If you specify the same character in this field and the Characters Not Allowed field, an error occurs.
- Characters Not Allowed: Enter the characters a password must not contain. For example, if you enter an exclamation point (!), a password cannot contain an exclamation point. If you specify the same character in this field and the Characters Allowed field, an error occurs.
- Characters Required: Enter the characters a password must contain. For example, if you enter x, a password must contain the character x. The character you enter in this field must also be entered in the Characters Allowed field. Otherwise, an error occurs. If you specify more than one character, do not provide delimiters. Commas and spaces are also considered characters in this field. For example, if you specify a,x, a valid password would need to contain the character a, the character x, and a comma.
- Disallow First Name: Use this rule to specify whether the user's first name is allowed in a password. If the check box is selected, a password is not valid if it contains the user's first name.
- Disallow Last Name: Use this rule to specify whether the user's last name is allowed in a password. If this check box is selected, a password is not valid if it contains the user's last name.
- Disallow Restricted Words: This rule is available in IDCS only. Use this rule to specify whether restricted words are allowed in a password. When this check box is selected, a password is not valid if it contains any of the words on the restricted words list.
- Disallow User ID: Use this rule to specify whether the user ID is allowed in a password. When this check box is selected, a password is not valid if it contains the user ID.
- Disallow Whitespace Character: This rule is available in IDCS only. Use this rule to specify whether a space is allowed in a password. When this rule is switched on, a password is not valid if it contains a space.
- Expires After (days): This rule is available in IDCS only. Enter the number of days after which a user must change their password.
- Maximum Length: Enter the maximum number of characters a password can contain. For example, if you enter 8, a password cannot contain more than eight characters. This field accepts values from 1 to 999.
- Maximum Repeated Characters: Enter the maximum number of times a character can be repeated in a password. For example, if you enter 2, a password is not valid if any character is repeated more than two times. With this setting, the password RL112211 is not valid because the character 1 appears four times (and is therefore repeated three times). This field accepts values from 1 to 999.
- Maximum Special Characters: This rule is available in OIM only. Enter the maximum number of non-alphanumeric characters a password can contain. For example, if you enter 3, a password cannot contain more than three non-alphanumeric characters. This field accepts values from 1 to 999.
- Maximum Unicode Characters: This rule is available in OIM only. Enter the maximum number of Unicode characters that a password can contain. For example, if you enter 8, a password cannot contain more than eight Unicode characters. This field accepts values from 1 to 999.
- Minimum Alphabet Characters: Enter the minimum number of letters a password must contain. For example, if you enter 2, a password must contain at least two letters. This field accepts values from 0 to 999.
- Minimum Alphanumeric Characters: This rule is available in OIM only. Enter the minimum number of letters or digits that a password must contain. For example, if you enter 6, a password must contain at least six letters and digits. This field accepts values from 0 to 999.
- Minimum Length: This rule is available in IDCS only. Enter the minimum number of characters a password must contain. For example, if you enter 8, a password must contain at least eight characters.
- Minimum Lowercase Characters: Enter the minimum number of lowercase letters a password must contain. For example, if you enter 5, a password must contain at least five lowercase letters. This field accepts values from 0 to 999.
- Minimum Numeric Characters: Enter the minimum number of digits a password must contain. For example, if you enter 1, a password must contain at least one digit. This field accepts values from 0 to 999.
- Minimum Special Characters: Enter the minimum number of non-alphanumeric characters (for example, #, %, or &) a password must contain. For example, if you enter 1, a password must contain at least one non-alphanumeric character. This field accepts values from 0 to 999.
- Minimum Unicode Characters: This rule is available in OIM only. Enter the minimum number of Unicode characters that a password must contain. For example, if you enter 3, a password must contain at least three Unicode characters. This field accepts values from 0 to 999.
- Minimum Unique Characters: Enter the minimum number of non-repeating characters a password must contain. For example, if you enter 1, a password must contain at least one character that is not repeated. With this setting, the password 1x23321 is valid because the character x is not repeated (although the remaining characters are repeated). This field accepts values from 0 to 999.
- Minimum Uppercase Characters: Enter the minimum number of uppercase letters a password must contain. For example, if you enter 3, a password must contain at least three uppercase letters. This field accepts values from 0 to 999.
- Previous Passwords Remembered: This rule is available in IDCS only. Enter the number of previously used passwords for each user which will be remembered. A password will not be valid if it matches any of the remembered passwords for the user.
- Start With Alphabet: Use this rule to specify whether a password must begin with a letter. If the check box is selected, the password 123welcome would not be valid because it does not begin with a letter. If the check box is deselected, a password can begin with a letter, digit, or special character.
- Substrings Not Allowed: This rule is available in OIM only. Enter a series of consecutive alphanumeric characters a password must not contain. For example, if you enter dog, a password is not valid if it contains the character d, the character o, and the character g in successive order.
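
The character-set and repetition rules above are the ones most often misread, so the following added example (not Oracle code, and not part of the original documentation) models them exactly as this page words them and checks the page's own sample passwords. The `Policy` class, its field names, case-sensitive matching, and treating an empty Characters Allowed value as unrestricted are assumptions made for illustration.

```python
from __future__ import annotations
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policy:  # hypothetical container; field names are assumptions
    allowed: str = ""        # Characters Allowed ("" = unrestricted, an assumption)
    not_allowed: str = ""    # Characters Not Allowed
    required: str = ""       # Characters Required: every character counts, commas too
    max_repeated: Optional[int] = None  # Maximum Repeated Characters
    min_unique: int = 0                 # Minimum Unique Characters

def config_errors(p: Policy) -> list[str]:
    """Field conflicts the page says produce an error."""
    errs = []
    both = sorted(set(p.allowed) & set(p.not_allowed))
    if both:
        errs.append(f"in both Allowed and Not Allowed: {both}")
    missing = sorted(set(p.required) - set(p.allowed)) if p.allowed else []
    if missing:
        errs.append(f"Required but missing from Allowed: {missing}")
    return errs

def violations(p: Policy, password: str) -> list[str]:
    """Names of the rules that the password breaks, in a fixed order."""
    counts = Counter(password)
    out = []
    if p.allowed and set(password) - set(p.allowed):
        out.append("Characters Allowed")
    if set(password) & set(p.not_allowed):
        out.append("Characters Not Allowed")
    if set(p.required) - set(password):
        out.append("Characters Required")
    # A character seen n times is "repeated" n - 1 times, adjacent or not.
    if p.max_repeated is not None and any(n - 1 > p.max_repeated for n in counts.values()):
        out.append("Maximum Repeated Characters")
    # "Unique" means the character occurs exactly once in the password.
    if sum(1 for n in counts.values() if n == 1) < p.min_unique:
        out.append("Minimum Unique Characters")
    return out

if __name__ == "__main__":
    print(violations(Policy(max_repeated=2), "RL112211"))  # sample from the page
    print(violations(Policy(min_unique=1), "1x23321"))     # sample from the page
    print(config_errors(Policy(allowed="abc", not_allowed="c!", required="x")))
```

Note that repetition is counted across the whole password rather than only for adjacent characters, which is why RL112211 fails with a limit of 2 even though no character appears three times in a row.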