Unique password enforcement cheatsheets

Don't have time to read all the Unique password enforcement documentation? That's fine. The two cheatsheets included in this article tell you:

  • What happens if you try to do X, Y, or Z when it comes to unique password enforcement.
  • How to go about achieving X, Y, or Z when it comes to unique password enforcement.

What Happens If I ….

If you …

… this happens.

… do nothing at all.

Nothing happens:

• Password history is disabled. Password history remains disabled by default on all entity types.

• Users can reuse passwords. In fact, users can reset a password to their current password.

• The historySize property isn't displayed when you call the /entityType operation.

… set historySize to 0.

Password history is disabled:

• Users can reuse passwords. In fact, users can reset a password to their current password.

• The historySize property is displayed (and set to 0) when you call the /entityType operation.

• If password history was previously enabled, all the stored passwords for all your users are deleted. No password history of any kind is maintained.

… set historySize to 1.

Password history is enabled:

• Identity Cloud maintains a record of each user’s current password. Those user scan't reuse their current password if they try to reset their password.

• The historySize property is displayed (and set to 1) when you call the /entityType operation.

… set historySize to an integer value between 2 and 10, inclusive.

Password history is enabled:

• Identity Cloud maintains a record of the user’s current password as well as the user’s previous password up to the specified history size. For example, if historySize is set to 5, 5 passwords are retained: the user’s current password plus the user’s 4 previous passwords.

• Users can't reuse their current password or any of their previous passwords if they try to reset their password.

• The historySize property is displayed (and set to 1) when you call the /entityType operation.

… set historySize to an integer value less than 0 or greater than 10.

Nothing happens. Your API call generates an error, and your password history settings aren’t changed.

… set historySize to any value other than the integers 0 through 10, inclusive.

Nothing happens. Your API call generates an error, and your password history settings aren’t changed.

… set historySize to a null value.

Password history is disabled:

• Users can reuse passwords; in fact, users can reset a password to their current password.

• The historySize property isn't displayed when you call the /entityType operation.

• If password history was previously enabled, all the previous passwords for all your users are deleted. No password history of any kind is maintained.

I Just Need to Know How to ….

If you to want to …

… then do this

… leave your password settings exactly as they are now.

Nothing. By default, password history is disabled on all your entity types. If you don’t want to use password history then simply leave well enough alone.

… enable password history and prevent users from reusing their last X number of passwords.

Set historySize to X. Note that X must be an integer value between ` and 10 inclusive.

… just prevent users from reusing their current password.

Set historySize to 1. Users won't be able to reset their password to their current password, but they will be able to re-use any other passwords they might have employed.

… disable password history.

Set historySize to 0 or to null. Note that doing this deletes all the previously-saved passwords for all your users.


Did this page help you?