Creating Password Policies

Creating Password Policies

You can configure the password policy for passwords and client secrets in UAA for parameters such as length, accepted or required character types, expiration times, and reset policy.

About This Task

When you create an instance of UAA, an internal Identity Provider of type uaa is automatically created with the default password policy. You can create new password policies for clients in your instance of UAA. You can create policies for both user passwords and for client secrets.

You can change the password policies at any time. Change in the password policy affects all users, including any existing users in your UAA instance.

Procedure

  1. In the Console view, select the Space where your services are located.
  2. In the Services Instances page, select the UAA instance that you need to configure.
  3. Select the Configure Service Instance option.
  4. In the UAA Dashboard login page, specify your admin client secret and click Login.
  5. In UAA Dashboard, select the Password Policy tab.
  6. Specify the following values in the Password Policy form:
    FieldDescription
    Set Password LengthSpecifies the minimum to maximum number of characters required for a valid password.
    RequirementsSpecifies the type of characters required for a valid password.
    ExpirationSpecifies the number of months after which current password expires.
    Lockout PolicySpecifies the amount of time (in seconds) for which the account is locked when the number of failed attempts has exceeded the set limit within the specified time.