Unique password enforcement cheatsheets
Don't have time to read all the Unique password enforcement documentation? That's fine. The two cheatsheets included in this article tell you:
- What happens if you try to do X, Y, or Z when it comes to unique password enforcement.
- How to go about achieving X, Y, or Z when it comes to unique password enforcement.
What Happens If I ā¦.
If you ā¦ | ā¦ this happens. |
|---|---|
ā¦ do nothing at all. | Nothing happens: ā¢ Password history is disabled. Password history remains disabled by default on all entity types. ā¢ Users can reuse passwords. In fact, users can reset a password to their current password. ā¢ The historySize property isn't displayed when you call the /entityType operation. |
ā¦ set historySize to 0. | Password history is disabled: ā¢ Users can reuse passwords. In fact, users can reset a password to their current password. ā¢ The historySize property is displayed (and set to 0) when you call the /entityType operation. ā¢ If password history was previously enabled, all the stored passwords for all your users are deleted. No password history of any kind is maintained. |
ā¦ set historySize to 1. | Password history is enabled: ā¢ Identity Cloud maintains a record of each userās current password. Those user scan't reuse their current password if they try to reset their password. ā¢ The historySize property is displayed (and set to 1) when you call the /entityType operation. |
ā¦ set historySize to an integer value between 2 and 10, inclusive. | Password history is enabled: ā¢ Identity Cloud maintains a record of the userās current password as well as the userās previous password up to the specified history size. For example, if historySize is set to 5, 5 passwords are retained: the userās current password plus the userās 4 previous passwords. ā¢ Users can't reuse their current password or any of their previous passwords if they try to reset their password. ā¢ The historySize property is displayed (and set to 1) when you call the /entityType operation. |
ā¦ set historySize to an integer value less than 0 or greater than 10. | Nothing happens. Your API call generates an error, and your password history settings arenāt changed. |
ā¦ set historySize to any value other than the integers 0 through 10, inclusive. | Nothing happens. Your API call generates an error, and your password history settings arenāt changed. |
ā¦ set historySize to a null value. | Password history is disabled: ā¢ Users can reuse passwords; in fact, users can reset a password to their current password. ā¢ The historySize property isn't displayed when you call the /entityType operation. ā¢ If password history was previously enabled, all the previous passwords for all your users are deleted. No password history of any kind is maintained. |
I Just Need to Know How to ā¦.
If you to want to ā¦ | ā¦ then do this |
|---|---|
ā¦ leave your password settings exactly as they are now. | Nothing. By default, password history is disabled on all your entity types. If you donāt want to use password history then simply leave well enough alone. |
ā¦ enable password history and prevent users from reusing their last X number of passwords. | Set historySize to X. Note that X must be an integer value between ` and 10 inclusive. |
ā¦ just prevent users from reusing their current password. | Set historySize to 1. Users won't be able to reset their password to their current password, but they will be able to re-use any other passwords they might have employed. |
ā¦ disable password history. | Set historySize to 0 or to null. Note that doing this deletes all the previously-saved passwords for all your users. |
Updated 4 days ago