1. Packages
  2. Okta
  3. API Docs
  4. policy
  5. Password
Okta v4.8.0 published on Saturday, Mar 2, 2024 by Pulumi

okta.policy.Password

Explore with Pulumi AI

okta logo
Okta v4.8.0 published on Saturday, Mar 2, 2024 by Pulumi

    Creates a Password Policy.

    This resource allows you to create and configure a Password Policy.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Okta = Pulumi.Okta;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Okta.Policy.Password("example", new()
        {
            Description = "Example",
            GroupsIncludeds = new[]
            {
                data.Okta_group.Everyone.Id,
            },
            PasswordHistoryCount = 4,
            Status = "ACTIVE",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := policy.NewPassword(ctx, "example", &policy.PasswordArgs{
    			Description: pulumi.String("Example"),
    			GroupsIncludeds: pulumi.StringArray{
    				data.Okta_group.Everyone.Id,
    			},
    			PasswordHistoryCount: pulumi.Int(4),
    			Status:               pulumi.String("ACTIVE"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.okta.policy.Password;
    import com.pulumi.okta.policy.PasswordArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Password("example", PasswordArgs.builder()        
                .description("Example")
                .groupsIncludeds(data.okta_group().everyone().id())
                .passwordHistoryCount(4)
                .status("ACTIVE")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_okta as okta
    
    example = okta.policy.Password("example",
        description="Example",
        groups_includeds=[data["okta_group"]["everyone"]["id"]],
        password_history_count=4,
        status="ACTIVE")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as okta from "@pulumi/okta";
    
    const example = new okta.policy.Password("example", {
        description: "Example",
        groupsIncludeds: [data.okta_group.everyone.id],
        passwordHistoryCount: 4,
        status: "ACTIVE",
    });
    
    resources:
      example:
        type: okta:policy:Password
        properties:
          description: Example
          groupsIncludeds:
            - ${data.okta_group.everyone.id}
          passwordHistoryCount: 4
          status: ACTIVE
    

    Create Password Resource

    new Password(name: string, args?: PasswordArgs, opts?: CustomResourceOptions);
    @overload
    def Password(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 auth_provider: Optional[str] = None,
                 call_recovery: Optional[str] = None,
                 description: Optional[str] = None,
                 email_recovery: Optional[str] = None,
                 groups_includeds: Optional[Sequence[str]] = None,
                 name: Optional[str] = None,
                 password_auto_unlock_minutes: Optional[int] = None,
                 password_dictionary_lookup: Optional[bool] = None,
                 password_exclude_first_name: Optional[bool] = None,
                 password_exclude_last_name: Optional[bool] = None,
                 password_exclude_username: Optional[bool] = None,
                 password_expire_warn_days: Optional[int] = None,
                 password_history_count: Optional[int] = None,
                 password_lockout_notification_channels: Optional[Sequence[str]] = None,
                 password_max_age_days: Optional[int] = None,
                 password_max_lockout_attempts: Optional[int] = None,
                 password_min_age_minutes: Optional[int] = None,
                 password_min_length: Optional[int] = None,
                 password_min_lowercase: Optional[int] = None,
                 password_min_number: Optional[int] = None,
                 password_min_symbol: Optional[int] = None,
                 password_min_uppercase: Optional[int] = None,
                 password_show_lockout_failures: Optional[bool] = None,
                 priority: Optional[int] = None,
                 question_min_length: Optional[int] = None,
                 question_recovery: Optional[str] = None,
                 recovery_email_token: Optional[int] = None,
                 skip_unlock: Optional[bool] = None,
                 sms_recovery: Optional[str] = None,
                 status: Optional[str] = None)
    @overload
    def Password(resource_name: str,
                 args: Optional[PasswordArgs] = None,
                 opts: Optional[ResourceOptions] = None)
    func NewPassword(ctx *Context, name string, args *PasswordArgs, opts ...ResourceOption) (*Password, error)
    public Password(string name, PasswordArgs? args = null, CustomResourceOptions? opts = null)
    public Password(String name, PasswordArgs args)
    public Password(String name, PasswordArgs args, CustomResourceOptions options)
    
    type: okta:policy:Password
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args PasswordArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args PasswordArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args PasswordArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args PasswordArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args PasswordArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Password Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Password resource accepts the following input properties:

    AuthProvider string
    Authentication Provider: "OKTA", "ACTIVE_DIRECTORY" or "LDAP". Default is "OKTA". Type "string"
    CallRecovery string
    Enable or disable voice call password recovery: ACTIVE or INACTIVE. Type "string"
    Description string
    Policy Description. Type "string"
    EmailRecovery string
    Enable or disable email password recovery: ACTIVE or INACTIVE. Type "string"
    GroupsIncludeds List<string>
    List of Group IDs to Include. Type "list(string)"
    Name string
    Policy Name. Type "string"
    PasswordAutoUnlockMinutes int
    Number of minutes before a locked account is unlocked: 0 = no limit. Type "number"
    PasswordDictionaryLookup bool
    Check Passwords Against Common Password Dictionary. Type "bool"
    PasswordExcludeFirstName bool
    User firstName attribute must be excluded from the password. Type "bool"
    PasswordExcludeLastName bool
    User lastName attribute must be excluded from the password. Type "bool"
    PasswordExcludeUsername bool
    If the username must be excluded from the password. Type "bool"
    PasswordExpireWarnDays int
    Length in days a user will be warned before password expiry: 0 = no warning. Type "number"
    PasswordHistoryCount int
    Number of distinct passwords that must be created before they can be reused: 0 = none. Type "number"
    PasswordLockoutNotificationChannels List<string>
    Notification channels to use to notify a user when their account has been locked. Type "set(string)"
    PasswordMaxAgeDays int
    Length in days a password is valid before expiry: 0 = no limit. Type "number"
    PasswordMaxLockoutAttempts int
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Type "number"
    PasswordMinAgeMinutes int
    Minimum time interval in minutes between password changes: 0 = no limit. Type "number"
    PasswordMinLength int
    Minimum password length. Default is 8. Type "number"
    PasswordMinLowercase int
    Minimum number of lower case characters in a password. Type "number"
    PasswordMinNumber int
    Minimum number of numbers in a password. Type "number"
    PasswordMinSymbol int
    Minimum number of symbols in a password. Type "number"
    PasswordMinUppercase int
    Minimum number of upper case characters in a password. Type "number"
    PasswordShowLockoutFailures bool
    If a user should be informed when their account is locked. Type "bool"
    Priority int
    Priority of the policy. Type "number"
    QuestionMinLength int
    Min length of the password recovery question answer. Type "number"
    QuestionRecovery string
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Type "string"
    RecoveryEmailToken int
    Lifetime in minutes of the recovery email token. Type "number"
    SkipUnlock bool
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Type "bool"
    SmsRecovery string
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Type "string"
    Status string
    Policy Status: "ACTIVE" or "INACTIVE". Type "string"
    AuthProvider string
    Authentication Provider: "OKTA", "ACTIVE_DIRECTORY" or "LDAP". Default is "OKTA". Type "string"
    CallRecovery string
    Enable or disable voice call password recovery: ACTIVE or INACTIVE. Type "string"
    Description string
    Policy Description. Type "string"
    EmailRecovery string
    Enable or disable email password recovery: ACTIVE or INACTIVE. Type "string"
    GroupsIncludeds []string
    List of Group IDs to Include. Type "list(string)"
    Name string
    Policy Name. Type "string"
    PasswordAutoUnlockMinutes int
    Number of minutes before a locked account is unlocked: 0 = no limit. Type "number"
    PasswordDictionaryLookup bool
    Check Passwords Against Common Password Dictionary. Type "bool"
    PasswordExcludeFirstName bool
    User firstName attribute must be excluded from the password. Type "bool"
    PasswordExcludeLastName bool
    User lastName attribute must be excluded from the password. Type "bool"
    PasswordExcludeUsername bool
    If the username must be excluded from the password. Type "bool"
    PasswordExpireWarnDays int
    Length in days a user will be warned before password expiry: 0 = no warning. Type "number"
    PasswordHistoryCount int
    Number of distinct passwords that must be created before they can be reused: 0 = none. Type "number"
    PasswordLockoutNotificationChannels []string
    Notification channels to use to notify a user when their account has been locked. Type "set(string)"
    PasswordMaxAgeDays int
    Length in days a password is valid before expiry: 0 = no limit. Type "number"
    PasswordMaxLockoutAttempts int
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Type "number"
    PasswordMinAgeMinutes int
    Minimum time interval in minutes between password changes: 0 = no limit. Type "number"
    PasswordMinLength int
    Minimum password length. Default is 8. Type "number"
    PasswordMinLowercase int
    Minimum number of lower case characters in a password. Type "number"
    PasswordMinNumber int
    Minimum number of numbers in a password. Type "number"
    PasswordMinSymbol int
    Minimum number of symbols in a password. Type "number"
    PasswordMinUppercase int
    Minimum number of upper case characters in a password. Type "number"
    PasswordShowLockoutFailures bool
    If a user should be informed when their account is locked. Type "bool"
    Priority int
    Priority of the policy. Type "number"
    QuestionMinLength int
    Min length of the password recovery question answer. Type "number"
    QuestionRecovery string
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Type "string"
    RecoveryEmailToken int
    Lifetime in minutes of the recovery email token. Type "number"
    SkipUnlock bool
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Type "bool"
    SmsRecovery string
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Type "string"
    Status string
    Policy Status: "ACTIVE" or "INACTIVE". Type "string"
    authProvider String
    Authentication Provider: "OKTA", "ACTIVE_DIRECTORY" or "LDAP". Default is "OKTA". Type "string"
    callRecovery String
    Enable or disable voice call password recovery: ACTIVE or INACTIVE. Type "string"
    description String
    Policy Description. Type "string"
    emailRecovery String
    Enable or disable email password recovery: ACTIVE or INACTIVE. Type "string"
    groupsIncludeds List<String>
    List of Group IDs to Include. Type "list(string)"
    name String
    Policy Name. Type "string"
    passwordAutoUnlockMinutes Integer
    Number of minutes before a locked account is unlocked: 0 = no limit. Type "number"
    passwordDictionaryLookup Boolean
    Check Passwords Against Common Password Dictionary. Type "bool"
    passwordExcludeFirstName Boolean
    User firstName attribute must be excluded from the password. Type "bool"
    passwordExcludeLastName Boolean
    User lastName attribute must be excluded from the password. Type "bool"
    passwordExcludeUsername Boolean
    If the username must be excluded from the password. Type "bool"
    passwordExpireWarnDays Integer
    Length in days a user will be warned before password expiry: 0 = no warning. Type "number"
    passwordHistoryCount Integer
    Number of distinct passwords that must be created before they can be reused: 0 = none. Type "number"
    passwordLockoutNotificationChannels List<String>
    Notification channels to use to notify a user when their account has been locked. Type "set(string)"
    passwordMaxAgeDays Integer
    Length in days a password is valid before expiry: 0 = no limit. Type "number"
    passwordMaxLockoutAttempts Integer
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Type "number"
    passwordMinAgeMinutes Integer
    Minimum time interval in minutes between password changes: 0 = no limit. Type "number"
    passwordMinLength Integer
    Minimum password length. Default is 8. Type "number"
    passwordMinLowercase Integer
    Minimum number of lower case characters in a password. Type "number"
    passwordMinNumber Integer
    Minimum number of numbers in a password. Type "number"
    passwordMinSymbol Integer
    Minimum number of symbols in a password. Type "number"
    passwordMinUppercase Integer
    Minimum number of upper case characters in a password. Type "number"
    passwordShowLockoutFailures Boolean
    If a user should be informed when their account is locked. Type "bool"
    priority Integer
    Priority of the policy. Type "number"
    questionMinLength Integer
    Min length of the password recovery question answer. Type "number"
    questionRecovery String
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Type "string"
    recoveryEmailToken Integer
    Lifetime in minutes of the recovery email token. Type "number"
    skipUnlock Boolean
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Type "bool"
    smsRecovery String
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Type "string"
    status String
    Policy Status: "ACTIVE" or "INACTIVE". Type "string"
    authProvider string
    Authentication Provider: "OKTA", "ACTIVE_DIRECTORY" or "LDAP". Default is "OKTA". Type "string"
    callRecovery string
    Enable or disable voice call password recovery: ACTIVE or INACTIVE. Type "string"
    description string
    Policy Description. Type "string"
    emailRecovery string
    Enable or disable email password recovery: ACTIVE or INACTIVE. Type "string"
    groupsIncludeds string[]
    List of Group IDs to Include. Type "list(string)"
    name string
    Policy Name. Type "string"
    passwordAutoUnlockMinutes number
    Number of minutes before a locked account is unlocked: 0 = no limit. Type "number"
    passwordDictionaryLookup boolean
    Check Passwords Against Common Password Dictionary. Type "bool"
    passwordExcludeFirstName boolean
    User firstName attribute must be excluded from the password. Type "bool"
    passwordExcludeLastName boolean
    User lastName attribute must be excluded from the password. Type "bool"
    passwordExcludeUsername boolean
    If the username must be excluded from the password. Type "bool"
    passwordExpireWarnDays number
    Length in days a user will be warned before password expiry: 0 = no warning. Type "number"
    passwordHistoryCount number
    Number of distinct passwords that must be created before they can be reused: 0 = none. Type "number"
    passwordLockoutNotificationChannels string[]
    Notification channels to use to notify a user when their account has been locked. Type "set(string)"
    passwordMaxAgeDays number
    Length in days a password is valid before expiry: 0 = no limit. Type "number"
    passwordMaxLockoutAttempts number
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Type "number"
    passwordMinAgeMinutes number
    Minimum time interval in minutes between password changes: 0 = no limit. Type "number"
    passwordMinLength number
    Minimum password length. Default is 8. Type "number"
    passwordMinLowercase number
    Minimum number of lower case characters in a password. Type "number"
    passwordMinNumber number
    Minimum number of numbers in a password. Type "number"
    passwordMinSymbol number
    Minimum number of symbols in a password. Type "number"
    passwordMinUppercase number
    Minimum number of upper case characters in a password. Type "number"
    passwordShowLockoutFailures boolean
    If a user should be informed when their account is locked. Type "bool"
    priority number
    Priority of the policy. Type "number"
    questionMinLength number
    Min length of the password recovery question answer. Type "number"
    questionRecovery string
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Type "string"
    recoveryEmailToken number
    Lifetime in minutes of the recovery email token. Type "number"
    skipUnlock boolean
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Type "bool"
    smsRecovery string
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Type "string"
    status string
    Policy Status: "ACTIVE" or "INACTIVE". Type "string"
    auth_provider str
    Authentication Provider: "OKTA", "ACTIVE_DIRECTORY" or "LDAP". Default is "OKTA". Type "string"
    call_recovery str
    Enable or disable voice call password recovery: ACTIVE or INACTIVE. Type "string"
    description str
    Policy Description. Type "string"
    email_recovery str
    Enable or disable email password recovery: ACTIVE or INACTIVE. Type "string"
    groups_includeds Sequence[str]
    List of Group IDs to Include. Type "list(string)"
    name str
    Policy Name. Type "string"
    password_auto_unlock_minutes int
    Number of minutes before a locked account is unlocked: 0 = no limit. Type "number"
    password_dictionary_lookup bool
    Check Passwords Against Common Password Dictionary. Type "bool"
    password_exclude_first_name bool
    User firstName attribute must be excluded from the password. Type "bool"
    password_exclude_last_name bool
    User lastName attribute must be excluded from the password. Type "bool"
    password_exclude_username bool
    If the username must be excluded from the password. Type "bool"
    password_expire_warn_days int
    Length in days a user will be warned before password expiry: 0 = no warning. Type "number"
    password_history_count int
    Number of distinct passwords that must be created before they can be reused: 0 = none. Type "number"
    password_lockout_notification_channels Sequence[str]
    Notification channels to use to notify a user when their account has been locked. Type "set(string)"
    password_max_age_days int
    Length in days a password is valid before expiry: 0 = no limit. Type "number"
    password_max_lockout_attempts int
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Type "number"
    password_min_age_minutes int
    Minimum time interval in minutes between password changes: 0 = no limit. Type "number"
    password_min_length int
    Minimum password length. Default is 8. Type "number"
    password_min_lowercase int
    Minimum number of lower case characters in a password. Type "number"
    password_min_number int
    Minimum number of numbers in a password. Type "number"
    password_min_symbol int
    Minimum number of symbols in a password. Type "number"
    password_min_uppercase int
    Minimum number of upper case characters in a password. Type "number"
    password_show_lockout_failures bool
    If a user should be informed when their account is locked. Type "bool"
    priority int
    Priority of the policy. Type "number"
    question_min_length int
    Min length of the password recovery question answer. Type "number"
    question_recovery str
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Type "string"
    recovery_email_token int
    Lifetime in minutes of the recovery email token. Type "number"
    skip_unlock bool
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Type "bool"
    sms_recovery str
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Type "string"
    status str
    Policy Status: "ACTIVE" or "INACTIVE". Type "string"
    authProvider String
    Authentication Provider: "OKTA", "ACTIVE_DIRECTORY" or "LDAP". Default is "OKTA". Type "string"
    callRecovery String
    Enable or disable voice call password recovery: ACTIVE or INACTIVE. Type "string"
    description String
    Policy Description. Type "string"
    emailRecovery String
    Enable or disable email password recovery: ACTIVE or INACTIVE. Type "string"
    groupsIncludeds List<String>
    List of Group IDs to Include. Type "list(string)"
    name String
    Policy Name. Type "string"
    passwordAutoUnlockMinutes Number
    Number of minutes before a locked account is unlocked: 0 = no limit. Type "number"
    passwordDictionaryLookup Boolean
    Check Passwords Against Common Password Dictionary. Type "bool"
    passwordExcludeFirstName Boolean
    User firstName attribute must be excluded from the password. Type "bool"
    passwordExcludeLastName Boolean
    User lastName attribute must be excluded from the password. Type "bool"
    passwordExcludeUsername Boolean
    If the username must be excluded from the password. Type "bool"
    passwordExpireWarnDays Number
    Length in days a user will be warned before password expiry: 0 = no warning. Type "number"
    passwordHistoryCount Number
    Number of distinct passwords that must be created before they can be reused: 0 = none. Type "number"
    passwordLockoutNotificationChannels List<String>
    Notification channels to use to notify a user when their account has been locked. Type "set(string)"
    passwordMaxAgeDays Number
    Length in days a password is valid before expiry: 0 = no limit. Type "number"
    passwordMaxLockoutAttempts Number
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Type "number"
    passwordMinAgeMinutes Number
    Minimum time interval in minutes between password changes: 0 = no limit. Type "number"
    passwordMinLength Number
    Minimum password length. Default is 8. Type "number"
    passwordMinLowercase Number
    Minimum number of lower case characters in a password. Type "number"
    passwordMinNumber Number
    Minimum number of numbers in a password. Type "number"
    passwordMinSymbol Number
    Minimum number of symbols in a password. Type "number"
    passwordMinUppercase Number
    Minimum number of upper case characters in a password. Type "number"
    passwordShowLockoutFailures Boolean
    If a user should be informed when their account is locked. Type "bool"
    priority Number
    Priority of the policy. Type "number"
    questionMinLength Number
    Min length of the password recovery question answer. Type "number"
    questionRecovery String
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Type "string"
    recoveryEmailToken Number
    Lifetime in minutes of the recovery email token. Type "number"
    skipUnlock Boolean
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Type "bool"
    smsRecovery String
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Type "string"
    status String
    Policy Status: "ACTIVE" or "INACTIVE". Type "string"

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Password resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Password Resource

    Get an existing Password resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: PasswordState, opts?: CustomResourceOptions): Password
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            auth_provider: Optional[str] = None,
            call_recovery: Optional[str] = None,
            description: Optional[str] = None,
            email_recovery: Optional[str] = None,
            groups_includeds: Optional[Sequence[str]] = None,
            name: Optional[str] = None,
            password_auto_unlock_minutes: Optional[int] = None,
            password_dictionary_lookup: Optional[bool] = None,
            password_exclude_first_name: Optional[bool] = None,
            password_exclude_last_name: Optional[bool] = None,
            password_exclude_username: Optional[bool] = None,
            password_expire_warn_days: Optional[int] = None,
            password_history_count: Optional[int] = None,
            password_lockout_notification_channels: Optional[Sequence[str]] = None,
            password_max_age_days: Optional[int] = None,
            password_max_lockout_attempts: Optional[int] = None,
            password_min_age_minutes: Optional[int] = None,
            password_min_length: Optional[int] = None,
            password_min_lowercase: Optional[int] = None,
            password_min_number: Optional[int] = None,
            password_min_symbol: Optional[int] = None,
            password_min_uppercase: Optional[int] = None,
            password_show_lockout_failures: Optional[bool] = None,
            priority: Optional[int] = None,
            question_min_length: Optional[int] = None,
            question_recovery: Optional[str] = None,
            recovery_email_token: Optional[int] = None,
            skip_unlock: Optional[bool] = None,
            sms_recovery: Optional[str] = None,
            status: Optional[str] = None) -> Password
    func GetPassword(ctx *Context, name string, id IDInput, state *PasswordState, opts ...ResourceOption) (*Password, error)
    public static Password Get(string name, Input<string> id, PasswordState? state, CustomResourceOptions? opts = null)
    public static Password get(String name, Output<String> id, PasswordState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AuthProvider string
    Authentication Provider: "OKTA", "ACTIVE_DIRECTORY" or "LDAP". Default is "OKTA". Type "string"
    CallRecovery string
    Enable or disable voice call password recovery: ACTIVE or INACTIVE. Type "string"
    Description string
    Policy Description. Type "string"
    EmailRecovery string
    Enable or disable email password recovery: ACTIVE or INACTIVE. Type "string"
    GroupsIncludeds List<string>
    List of Group IDs to Include. Type "list(string)"
    Name string
    Policy Name. Type "string"
    PasswordAutoUnlockMinutes int
    Number of minutes before a locked account is unlocked: 0 = no limit. Type "number"
    PasswordDictionaryLookup bool
    Check Passwords Against Common Password Dictionary. Type "bool"
    PasswordExcludeFirstName bool
    User firstName attribute must be excluded from the password. Type "bool"
    PasswordExcludeLastName bool
    User lastName attribute must be excluded from the password. Type "bool"
    PasswordExcludeUsername bool
    If the username must be excluded from the password. Type "bool"
    PasswordExpireWarnDays int
    Length in days a user will be warned before password expiry: 0 = no warning. Type "number"
    PasswordHistoryCount int
    Number of distinct passwords that must be created before they can be reused: 0 = none. Type "number"
    PasswordLockoutNotificationChannels List<string>
    Notification channels to use to notify a user when their account has been locked. Type "set(string)"
    PasswordMaxAgeDays int
    Length in days a password is valid before expiry: 0 = no limit. Type "number"
    PasswordMaxLockoutAttempts int
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Type "number"
    PasswordMinAgeMinutes int
    Minimum time interval in minutes between password changes: 0 = no limit. Type "number"
    PasswordMinLength int
    Minimum password length. Default is 8. Type "number"
    PasswordMinLowercase int
    Minimum number of lower case characters in a password. Type "number"
    PasswordMinNumber int
    Minimum number of numbers in a password. Type "number"
    PasswordMinSymbol int
    Minimum number of symbols in a password. Type "number"
    PasswordMinUppercase int
    Minimum number of upper case characters in a password. Type "number"
    PasswordShowLockoutFailures bool
    If a user should be informed when their account is locked. Type "bool"
    Priority int
    Priority of the policy. Type "number"
    QuestionMinLength int
    Min length of the password recovery question answer. Type "number"
    QuestionRecovery string
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Type "string"
    RecoveryEmailToken int
    Lifetime in minutes of the recovery email token. Type "number"
    SkipUnlock bool
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Type "bool"
    SmsRecovery string
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Type "string"
    Status string
    Policy Status: "ACTIVE" or "INACTIVE". Type "string"
    AuthProvider string
    Authentication Provider: "OKTA", "ACTIVE_DIRECTORY" or "LDAP". Default is "OKTA". Type "string"
    CallRecovery string
    Enable or disable voice call password recovery: ACTIVE or INACTIVE. Type "string"
    Description string
    Policy Description. Type "string"
    EmailRecovery string
    Enable or disable email password recovery: ACTIVE or INACTIVE. Type "string"
    GroupsIncludeds []string
    List of Group IDs to Include. Type "list(string)"
    Name string
    Policy Name. Type "string"
    PasswordAutoUnlockMinutes int
    Number of minutes before a locked account is unlocked: 0 = no limit. Type "number"
    PasswordDictionaryLookup bool
    Check Passwords Against Common Password Dictionary. Type "bool"
    PasswordExcludeFirstName bool
    User firstName attribute must be excluded from the password. Type "bool"
    PasswordExcludeLastName bool
    User lastName attribute must be excluded from the password. Type "bool"
    PasswordExcludeUsername bool
    If the username must be excluded from the password. Type "bool"
    PasswordExpireWarnDays int
    Length in days a user will be warned before password expiry: 0 = no warning. Type "number"
    PasswordHistoryCount int
    Number of distinct passwords that must be created before they can be reused: 0 = none. Type "number"
    PasswordLockoutNotificationChannels []string
    Notification channels to use to notify a user when their account has been locked. Type "set(string)"
    PasswordMaxAgeDays int
    Length in days a password is valid before expiry: 0 = no limit. Type "number"
    PasswordMaxLockoutAttempts int
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Type "number"
    PasswordMinAgeMinutes int
    Minimum time interval in minutes between password changes: 0 = no limit. Type "number"
    PasswordMinLength int
    Minimum password length. Default is 8. Type "number"
    PasswordMinLowercase int
    Minimum number of lower case characters in a password. Type "number"
    PasswordMinNumber int
    Minimum number of numbers in a password. Type "number"
    PasswordMinSymbol int
    Minimum number of symbols in a password. Type "number"
    PasswordMinUppercase int
    Minimum number of upper case characters in a password. Type "number"
    PasswordShowLockoutFailures bool
    If a user should be informed when their account is locked. Type "bool"
    Priority int
    Priority of the policy. Type "number"
    QuestionMinLength int
    Min length of the password recovery question answer. Type "number"
    QuestionRecovery string
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Type "string"
    RecoveryEmailToken int
    Lifetime in minutes of the recovery email token. Type "number"
    SkipUnlock bool
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Type "bool"
    SmsRecovery string
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Type "string"
    Status string
    Policy Status: "ACTIVE" or "INACTIVE". Type "string"
    authProvider String
    Authentication Provider: "OKTA", "ACTIVE_DIRECTORY" or "LDAP". Default is "OKTA". Type "string"
    callRecovery String
    Enable or disable voice call password recovery: ACTIVE or INACTIVE. Type "string"
    description String
    Policy Description. Type "string"
    emailRecovery String
    Enable or disable email password recovery: ACTIVE or INACTIVE. Type "string"
    groupsIncludeds List<String>
    List of Group IDs to Include. Type "list(string)"
    name String
    Policy Name. Type "string"
    passwordAutoUnlockMinutes Integer
    Number of minutes before a locked account is unlocked: 0 = no limit. Type "number"
    passwordDictionaryLookup Boolean
    Check Passwords Against Common Password Dictionary. Type "bool"
    passwordExcludeFirstName Boolean
    User firstName attribute must be excluded from the password. Type "bool"
    passwordExcludeLastName Boolean
    User lastName attribute must be excluded from the password. Type "bool"
    passwordExcludeUsername Boolean
    If the username must be excluded from the password. Type "bool"
    passwordExpireWarnDays Integer
    Length in days a user will be warned before password expiry: 0 = no warning. Type "number"
    passwordHistoryCount Integer
    Number of distinct passwords that must be created before they can be reused: 0 = none. Type "number"
    passwordLockoutNotificationChannels List<String>
    Notification channels to use to notify a user when their account has been locked. Type "set(string)"
    passwordMaxAgeDays Integer
    Length in days a password is valid before expiry: 0 = no limit. Type "number"
    passwordMaxLockoutAttempts Integer
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Type "number"
    passwordMinAgeMinutes Integer
    Minimum time interval in minutes between password changes: 0 = no limit. Type "number"
    passwordMinLength Integer
    Minimum password length. Default is 8. Type "number"
    passwordMinLowercase Integer
    Minimum number of lower case characters in a password. Type "number"
    passwordMinNumber Integer
    Minimum number of numbers in a password. Type "number"
    passwordMinSymbol Integer
    Minimum number of symbols in a password. Type "number"
    passwordMinUppercase Integer
    Minimum number of upper case characters in a password. Type "number"
    passwordShowLockoutFailures Boolean
    If a user should be informed when their account is locked. Type "bool"
    priority Integer
    Priority of the policy. Type "number"
    questionMinLength Integer
    Min length of the password recovery question answer. Type "number"
    questionRecovery String
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Type "string"
    recoveryEmailToken Integer
    Lifetime in minutes of the recovery email token. Type "number"
    skipUnlock Boolean
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Type "bool"
    smsRecovery String
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Type "string"
    status String
    Policy Status: "ACTIVE" or "INACTIVE". Type "string"
    authProvider string
    Authentication Provider: "OKTA", "ACTIVE_DIRECTORY" or "LDAP". Default is "OKTA". Type "string"
    callRecovery string
    Enable or disable voice call password recovery: ACTIVE or INACTIVE. Type "string"
    description string
    Policy Description. Type "string"
    emailRecovery string
    Enable or disable email password recovery: ACTIVE or INACTIVE. Type "string"
    groupsIncludeds string[]
    List of Group IDs to Include. Type "list(string)"
    name string
    Policy Name. Type "string"
    passwordAutoUnlockMinutes number
    Number of minutes before a locked account is unlocked: 0 = no limit. Type "number"
    passwordDictionaryLookup boolean
    Check Passwords Against Common Password Dictionary. Type "bool"
    passwordExcludeFirstName boolean
    User firstName attribute must be excluded from the password. Type "bool"
    passwordExcludeLastName boolean
    User lastName attribute must be excluded from the password. Type "bool"
    passwordExcludeUsername boolean
    If the username must be excluded from the password. Type "bool"
    passwordExpireWarnDays number
    Length in days a user will be warned before password expiry: 0 = no warning. Type "number"
    passwordHistoryCount number
    Number of distinct passwords that must be created before they can be reused: 0 = none. Type "number"
    passwordLockoutNotificationChannels string[]
    Notification channels to use to notify a user when their account has been locked. Type "set(string)"
    passwordMaxAgeDays number
    Length in days a password is valid before expiry: 0 = no limit. Type "number"
    passwordMaxLockoutAttempts number
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Type "number"
    passwordMinAgeMinutes number
    Minimum time interval in minutes between password changes: 0 = no limit. Type "number"
    passwordMinLength number
    Minimum password length. Default is 8. Type "number"
    passwordMinLowercase number
    Minimum number of lower case characters in a password. Type "number"
    passwordMinNumber number
    Minimum number of numbers in a password. Type "number"
    passwordMinSymbol number
    Minimum number of symbols in a password. Type "number"
    passwordMinUppercase number
    Minimum number of upper case characters in a password. Type "number"
    passwordShowLockoutFailures boolean
    If a user should be informed when their account is locked. Type "bool"
    priority number
    Priority of the policy. Type "number"
    questionMinLength number
    Min length of the password recovery question answer. Type "number"
    questionRecovery string
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Type "string"
    recoveryEmailToken number
    Lifetime in minutes of the recovery email token. Type "number"
    skipUnlock boolean
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Type "bool"
    smsRecovery string
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Type "string"
    status string
    Policy Status: "ACTIVE" or "INACTIVE". Type "string"
    auth_provider str
    Authentication Provider: "OKTA", "ACTIVE_DIRECTORY" or "LDAP". Default is "OKTA". Type "string"
    call_recovery str
    Enable or disable voice call password recovery: ACTIVE or INACTIVE. Type "string"
    description str
    Policy Description. Type "string"
    email_recovery str
    Enable or disable email password recovery: ACTIVE or INACTIVE. Type "string"
    groups_includeds Sequence[str]
    List of Group IDs to Include. Type "list(string)"
    name str
    Policy Name. Type "string"
    password_auto_unlock_minutes int
    Number of minutes before a locked account is unlocked: 0 = no limit. Type "number"
    password_dictionary_lookup bool
    Check Passwords Against Common Password Dictionary. Type "bool"
    password_exclude_first_name bool
    User firstName attribute must be excluded from the password. Type "bool"
    password_exclude_last_name bool
    User lastName attribute must be excluded from the password. Type "bool"
    password_exclude_username bool
    If the username must be excluded from the password. Type "bool"
    password_expire_warn_days int
    Length in days a user will be warned before password expiry: 0 = no warning. Type "number"
    password_history_count int
    Number of distinct passwords that must be created before they can be reused: 0 = none. Type "number"
    password_lockout_notification_channels Sequence[str]
    Notification channels to use to notify a user when their account has been locked. Type "set(string)"
    password_max_age_days int
    Length in days a password is valid before expiry: 0 = no limit. Type "number"
    password_max_lockout_attempts int
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Type "number"
    password_min_age_minutes int
    Minimum time interval in minutes between password changes: 0 = no limit. Type "number"
    password_min_length int
    Minimum password length. Default is 8. Type "number"
    password_min_lowercase int
    Minimum number of lower case characters in a password. Type "number"
    password_min_number int
    Minimum number of numbers in a password. Type "number"
    password_min_symbol int
    Minimum number of symbols in a password. Type "number"
    password_min_uppercase int
    Minimum number of upper case characters in a password. Type "number"
    password_show_lockout_failures bool
    If a user should be informed when their account is locked. Type "bool"
    priority int
    Priority of the policy. Type "number"
    question_min_length int
    Min length of the password recovery question answer. Type "number"
    question_recovery str
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Type "string"
    recovery_email_token int
    Lifetime in minutes of the recovery email token. Type "number"
    skip_unlock bool
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Type "bool"
    sms_recovery str
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Type "string"
    status str
    Policy Status: "ACTIVE" or "INACTIVE". Type "string"
    authProvider String
    Authentication Provider: "OKTA", "ACTIVE_DIRECTORY" or "LDAP". Default is "OKTA". Type "string"
    callRecovery String
    Enable or disable voice call password recovery: ACTIVE or INACTIVE. Type "string"
    description String
    Policy Description. Type "string"
    emailRecovery String
    Enable or disable email password recovery: ACTIVE or INACTIVE. Type "string"
    groupsIncludeds List<String>
    List of Group IDs to Include. Type "list(string)"
    name String
    Policy Name. Type "string"
    passwordAutoUnlockMinutes Number
    Number of minutes before a locked account is unlocked: 0 = no limit. Type "number"
    passwordDictionaryLookup Boolean
    Check Passwords Against Common Password Dictionary. Type "bool"
    passwordExcludeFirstName Boolean
    User firstName attribute must be excluded from the password. Type "bool"
    passwordExcludeLastName Boolean
    User lastName attribute must be excluded from the password. Type "bool"
    passwordExcludeUsername Boolean
    If the username must be excluded from the password. Type "bool"
    passwordExpireWarnDays Number
    Length in days a user will be warned before password expiry: 0 = no warning. Type "number"
    passwordHistoryCount Number
    Number of distinct passwords that must be created before they can be reused: 0 = none. Type "number"
    passwordLockoutNotificationChannels List<String>
    Notification channels to use to notify a user when their account has been locked. Type "set(string)"
    passwordMaxAgeDays Number
    Length in days a password is valid before expiry: 0 = no limit. Type "number"
    passwordMaxLockoutAttempts Number
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Type "number"
    passwordMinAgeMinutes Number
    Minimum time interval in minutes between password changes: 0 = no limit. Type "number"
    passwordMinLength Number
    Minimum password length. Default is 8. Type "number"
    passwordMinLowercase Number
    Minimum number of lower case characters in a password. Type "number"
    passwordMinNumber Number
    Minimum number of numbers in a password. Type "number"
    passwordMinSymbol Number
    Minimum number of symbols in a password. Type "number"
    passwordMinUppercase Number
    Minimum number of upper case characters in a password. Type "number"
    passwordShowLockoutFailures Boolean
    If a user should be informed when their account is locked. Type "bool"
    priority Number
    Priority of the policy. Type "number"
    questionMinLength Number
    Min length of the password recovery question answer. Type "number"
    questionRecovery String
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Type "string"
    recoveryEmailToken Number
    Lifetime in minutes of the recovery email token. Type "number"
    skipUnlock Boolean
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Type "bool"
    smsRecovery String
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Type "string"
    status String
    Policy Status: "ACTIVE" or "INACTIVE". Type "string"

    Import

    A Password Policy can be imported via the Okta ID.

    $ pulumi import okta:policy/password:Password example &#60;policy id&#62;
    

    Package Details

    Repository
    Okta pulumi/pulumi-okta
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the okta Terraform Provider.
    okta logo
    Okta v4.8.0 published on Saturday, Mar 2, 2024 by Pulumi