You can set up policies in Oracle Identity Cloud Service for an identity domain. You then attach a policy to a group and it is applicable to all users in a group.
You can create up to ten password policies in Oracle Identity Cloud Service and each is assigned a priority. A password policy is assigned to a group, and all users in the group will use that policy. When a user is a member of more than one group, the password policy with the highest priority applies.
When a user is created or when a user changes their password, Oracle Identity Cloud Service validates the password that's provided against the highest priority password policy for that user to ensure that it meets the criteria for the policy. A new user who is not a member of a group will use the default password policy. A user who is a member of a group which does not have a password policy assigned will use the default password policy. When a user logs in for the first time to change the password, or resets the password at any time, the password policy is evaluated.
Deleting Groups and Policies
When a group is deleted, the password policy attached to the group will no longer be assigned to users who had been members of the group. Instead, the highest priority password policy available will apply to users.
When a password policy is deleted, groups and therefore users of the group are no longer associated with it so the highest priority password policy available will apply to users.
Types of Password Policies
- Used for your developer services and demos when you don't want to customize a policy for them. You can't modify this type of password policy.
- Used when you don't want to use the Oracle-recommended password policy for your enterprise applications. You can't modify this type of password policy.
- Used to tailor the strength of your password policy to meet the business and security requirements for your enterprise applications. As an administrator, it's your responsibility to make the minimal requirements of the Custom password policy strong.