Unique password enforcement cheatsheets
Don't have time to read all the Unique password enforcement documentation? That's fine. The two cheatsheets included in this article tell you:
- What happens if you try to do X, Y, or Z when it comes to unique password enforcement.
- How to go about achieving X, Y, or Z when it comes to unique password enforcement.
What Happens If I ….
If you … | … this happens. |
---|---|
… do nothing at all. | Nothing happens: • Password history is disabled. Password history remains disabled by default on all entity types. • Users can reuse passwords. In fact, users can reset a password to their current password. • The historySize property isn't displayed when you call the /entityType operation. |
… set historySize to 0. | Password history is disabled: • Users can reuse passwords. In fact, users can reset a password to their current password. • The historySize property is displayed (and set to 0) when you call the /entityType operation. • If password history was previously enabled, all the stored passwords for all your users are deleted. No password history of any kind is maintained. |
… set historySize to 1. | Password history is enabled: • Identity Cloud maintains a record of each user’s current password. Those users can't reuse their current password if they try to reset their password. • The historySize property is displayed (and set to 1) when you call the /entityType operation. |
… set historySize to an integer value between 2 and 10, inclusive. | Password history is enabled: • Identity Cloud maintains a record of the user’s current password as well as the user’s previous password up to the specified history size. For example, if historySize is set to 5, 5 passwords are retained: the user’s current password plus the user’s 4 previous passwords. • Users can't reuse their current password or any of their previous passwords if they try to reset their password. • The historySize property is displayed (and set to 1) when you call the /entityType operation. |
… set historySize to an integer value less than 0 or greater than 10. | Nothing happens. Your API call generates an error, and your password history settings aren’t changed. |
… set historySize to any value other than the integers 0 through 10, inclusive. | Nothing happens. Your API call generates an error, and your password history settings aren’t changed. |
… set historySize to a null value. | Password history is disabled: • Users can reuse passwords; in fact, users can reset a password to their current password. • The historySize property isn't displayed when you call the /entityType operation. • If password history was previously enabled, all the previous passwords for all your users are deleted. No password history of any kind is maintained. |
I Just Need to Know How to ….
If you want to … | … then do this |
---|---|
… leave your password settings exactly as they are now. | Nothing. By default, password history is disabled on all your entity types. If you don’t want to use password history then simply leave well enough alone. |
… enable password history and prevent users from reusing their last X number of passwords. | Set historySize to X. Note that X must be an integer value between 1 and 10, inclusive. |
… just prevent users from reusing their current password. | Set historySize to 1. Users won't be able to reset their password to their current password, but they will be able to re-use any other passwords they might have employed. |
… disable password history. | Set historySize to 0 or to null. Note that doing this deletes all the previously-saved passwords for all your users. |
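
The rules in the two tables above, modeled as a small local Python class so the reuse window and the delete-on-disable behavior can be exercised directly. This is an added example, not Identity Cloud code or its API: the class and method names are hypothetical, the salted PBKDF2 storage is an assumed scheme, and trimming the oldest entries when historySize is lowered is an assumption the page does not state.

```python
import hashlib
import hmac
import os
from collections import deque


class PasswordHistory:
    """Local model of the historySize rules; all names here are hypothetical."""

    def __init__(self):
        self.history_size = None  # default: password history disabled
        self.records = {}         # user -> deque of (salt, digest), oldest first

    @staticmethod
    def _digest(password, salt):
        # Assumed storage scheme: salted PBKDF2, so no plaintext is retained.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_history_size(self, value):
        # Only null or an integer 0..10 is accepted; anything else raises
        # and leaves the current setting unchanged.
        if value is not None and (type(value) is not int or not 0 <= value <= 10):
            raise ValueError("historySize must be null or an integer from 0 to 10")
        self.history_size = value
        if not value:
            self.records.clear()  # 0 or null: every stored password is deleted
            return
        for user in list(self.records):
            # Assumption: lowering the size drops the oldest entries first.
            self.records[user] = deque(self.records[user], maxlen=value)

    def reset_password(self, user, new_password):
        """Return True if the reset is accepted, False if it reuses a retained password."""
        if not self.history_size:
            return True  # history disabled: reuse allowed, nothing recorded
        entries = self.records.setdefault(user, deque(maxlen=self.history_size))
        for salt, digest in entries:
            if hmac.compare_digest(digest, self._digest(new_password, salt)):
                return False
        salt = os.urandom(16)
        entries.append((salt, self._digest(new_password, salt)))
        return True


if __name__ == "__main__":
    ph = PasswordHistory()
    ph.set_history_size(2)  # current password plus 1 previous
    for pw in ("alpha", "alpha", "bravo", "alpha", "charlie", "alpha"):  # constructed input
        print(pw, "accepted" if ph.reset_password(user="u1", new_password=pw) else "rejected")
```

With historySize set to 2, the constructed sequence shows "alpha" rejected while it is the current or previous password and accepted again once two newer passwords have pushed it out of the window.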