PolicyPasswordDefault

Configures default password policy.

This resource allows you to configure default password policy.

Example Usage

using Pulumi;
using Okta = Pulumi.Okta;

class MyStack : Stack
{
    public MyStack()
    {
        var @default = new Okta.PolicyPasswordDefault("default", new Okta.PolicyPasswordDefaultArgs
        {
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-okta/sdk/v3/go/okta"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := okta.NewPolicyPasswordDefault(ctx, "_default", nil)
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_okta as okta

default = okta.PolicyPasswordDefault("default")
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const defaultPolicyPasswordDefault = new okta.PolicyPasswordDefault("default", {});

Create a PolicyPasswordDefault Resource

new PolicyPasswordDefault(name: string, args?: PolicyPasswordDefaultArgs, opts?: CustomResourceOptions);
@overload
def PolicyPasswordDefault(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          call_recovery: Optional[str] = None,
                          email_recovery: Optional[str] = None,
                          password_auto_unlock_minutes: Optional[int] = None,
                          password_dictionary_lookup: Optional[bool] = None,
                          password_exclude_first_name: Optional[bool] = None,
                          password_exclude_last_name: Optional[bool] = None,
                          password_exclude_username: Optional[bool] = None,
                          password_expire_warn_days: Optional[int] = None,
                          password_history_count: Optional[int] = None,
                          password_lockout_notification_channels: Optional[Sequence[str]] = None,
                          password_max_age_days: Optional[int] = None,
                          password_max_lockout_attempts: Optional[int] = None,
                          password_min_age_minutes: Optional[int] = None,
                          password_min_length: Optional[int] = None,
                          password_min_lowercase: Optional[int] = None,
                          password_min_number: Optional[int] = None,
                          password_min_symbol: Optional[int] = None,
                          password_min_uppercase: Optional[int] = None,
                          password_show_lockout_failures: Optional[bool] = None,
                          question_min_length: Optional[int] = None,
                          question_recovery: Optional[str] = None,
                          recovery_email_token: Optional[int] = None,
                          skip_unlock: Optional[bool] = None,
                          sms_recovery: Optional[str] = None)
@overload
def PolicyPasswordDefault(resource_name: str,
                          args: Optional[PolicyPasswordDefaultArgs] = None,
                          opts: Optional[ResourceOptions] = None)
func NewPolicyPasswordDefault(ctx *Context, name string, args *PolicyPasswordDefaultArgs, opts ...ResourceOption) (*PolicyPasswordDefault, error)
public PolicyPasswordDefault(string name, PolicyPasswordDefaultArgs? args = null, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args PolicyPasswordDefaultArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args PolicyPasswordDefaultArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args PolicyPasswordDefaultArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args PolicyPasswordDefaultArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

PolicyPasswordDefault Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The PolicyPasswordDefault resource accepts the following input properties:

CallRecovery string
Enable or disable voice call password recovery: ACTIVE or INACTIVE.
EmailRecovery string
Enable or disable email password recovery: ACTIVE or INACTIVE.
PasswordAutoUnlockMinutes int
Number of minutes before a locked account is unlocked: 0 = no limit.
PasswordDictionaryLookup bool
Check Passwords Against Common Password Dictionary.
PasswordExcludeFirstName bool
User firstName attribute must be excluded from the password.
PasswordExcludeLastName bool
User lastName attribute must be excluded from the password.
PasswordExcludeUsername bool
If the username must be excluded from the password.
PasswordExpireWarnDays int
Length in days a user will be warned before password expiry: 0 = no warning.
PasswordHistoryCount int
Number of distinct passwords that must be created before they can be reused: 0 = none.
PasswordLockoutNotificationChannels List<string>
Notification channels to use to notify a user when their account has been locked.
PasswordMaxAgeDays int
Length in days a password is valid before expiry: 0 = no limit.,
PasswordMaxLockoutAttempts int
Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
PasswordMinAgeMinutes int
Minimum time interval in minutes between password changes: 0 = no limit.
PasswordMinLength int
Minimum password length. Default is 8.
PasswordMinLowercase int
Minimum number of lower case characters in a password.
PasswordMinNumber int
Minimum number of numbers in a password.
PasswordMinSymbol int
Minimum number of symbols in a password.
PasswordMinUppercase int
Minimum number of upper case characters in a password.
PasswordShowLockoutFailures bool
If a user should be informed when their account is locked.
QuestionMinLength int
Min length of the password recovery question answer.
QuestionRecovery string
Enable or disable security question password recovery: ACTIVE or INACTIVE.
RecoveryEmailToken int
Lifetime in minutes of the recovery email token.
SkipUnlock bool
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
SmsRecovery string
Enable or disable SMS password recovery: ACTIVE or INACTIVE.
CallRecovery string
Enable or disable voice call password recovery: ACTIVE or INACTIVE.
EmailRecovery string
Enable or disable email password recovery: ACTIVE or INACTIVE.
PasswordAutoUnlockMinutes int
Number of minutes before a locked account is unlocked: 0 = no limit.
PasswordDictionaryLookup bool
Check Passwords Against Common Password Dictionary.
PasswordExcludeFirstName bool
User firstName attribute must be excluded from the password.
PasswordExcludeLastName bool
User lastName attribute must be excluded from the password.
PasswordExcludeUsername bool
If the username must be excluded from the password.
PasswordExpireWarnDays int
Length in days a user will be warned before password expiry: 0 = no warning.
PasswordHistoryCount int
Number of distinct passwords that must be created before they can be reused: 0 = none.
PasswordLockoutNotificationChannels []string
Notification channels to use to notify a user when their account has been locked.
PasswordMaxAgeDays int
Length in days a password is valid before expiry: 0 = no limit.,
PasswordMaxLockoutAttempts int
Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
PasswordMinAgeMinutes int
Minimum time interval in minutes between password changes: 0 = no limit.
PasswordMinLength int
Minimum password length. Default is 8.
PasswordMinLowercase int
Minimum number of lower case characters in a password.
PasswordMinNumber int
Minimum number of numbers in a password.
PasswordMinSymbol int
Minimum number of symbols in a password.
PasswordMinUppercase int
Minimum number of upper case characters in a password.
PasswordShowLockoutFailures bool
If a user should be informed when their account is locked.
QuestionMinLength int
Min length of the password recovery question answer.
QuestionRecovery string
Enable or disable security question password recovery: ACTIVE or INACTIVE.
RecoveryEmailToken int
Lifetime in minutes of the recovery email token.
SkipUnlock bool
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
SmsRecovery string
Enable or disable SMS password recovery: ACTIVE or INACTIVE.
callRecovery string
Enable or disable voice call password recovery: ACTIVE or INACTIVE.
emailRecovery string
Enable or disable email password recovery: ACTIVE or INACTIVE.
passwordAutoUnlockMinutes number
Number of minutes before a locked account is unlocked: 0 = no limit.
passwordDictionaryLookup boolean
Check Passwords Against Common Password Dictionary.
passwordExcludeFirstName boolean
User firstName attribute must be excluded from the password.
passwordExcludeLastName boolean
User lastName attribute must be excluded from the password.
passwordExcludeUsername boolean
If the username must be excluded from the password.
passwordExpireWarnDays number
Length in days a user will be warned before password expiry: 0 = no warning.
passwordHistoryCount number
Number of distinct passwords that must be created before they can be reused: 0 = none.
passwordLockoutNotificationChannels string[]
Notification channels to use to notify a user when their account has been locked.
passwordMaxAgeDays number
Length in days a password is valid before expiry: 0 = no limit.,
passwordMaxLockoutAttempts number
Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
passwordMinAgeMinutes number
Minimum time interval in minutes between password changes: 0 = no limit.
passwordMinLength number
Minimum password length. Default is 8.
passwordMinLowercase number
Minimum number of lower case characters in a password.
passwordMinNumber number
Minimum number of numbers in a password.
passwordMinSymbol number
Minimum number of symbols in a password.
passwordMinUppercase number
Minimum number of upper case characters in a password.
passwordShowLockoutFailures boolean
If a user should be informed when their account is locked.
questionMinLength number
Min length of the password recovery question answer.
questionRecovery string
Enable or disable security question password recovery: ACTIVE or INACTIVE.
recoveryEmailToken number
Lifetime in minutes of the recovery email token.
skipUnlock boolean
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
smsRecovery string
Enable or disable SMS password recovery: ACTIVE or INACTIVE.
call_recovery str
Enable or disable voice call password recovery: ACTIVE or INACTIVE.
email_recovery str
Enable or disable email password recovery: ACTIVE or INACTIVE.
password_auto_unlock_minutes int
Number of minutes before a locked account is unlocked: 0 = no limit.
password_dictionary_lookup bool
Check Passwords Against Common Password Dictionary.
password_exclude_first_name bool
User firstName attribute must be excluded from the password.
password_exclude_last_name bool
User lastName attribute must be excluded from the password.
password_exclude_username bool
If the username must be excluded from the password.
password_expire_warn_days int
Length in days a user will be warned before password expiry: 0 = no warning.
password_history_count int
Number of distinct passwords that must be created before they can be reused: 0 = none.
password_lockout_notification_channels Sequence[str]
Notification channels to use to notify a user when their account has been locked.
password_max_age_days int
Length in days a password is valid before expiry: 0 = no limit.,
password_max_lockout_attempts int
Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
password_min_age_minutes int
Minimum time interval in minutes between password changes: 0 = no limit.
password_min_length int
Minimum password length. Default is 8.
password_min_lowercase int
Minimum number of lower case characters in a password.
password_min_number int
Minimum number of numbers in a password.
password_min_symbol int
Minimum number of symbols in a password.
password_min_uppercase int
Minimum number of upper case characters in a password.
password_show_lockout_failures bool
If a user should be informed when their account is locked.
question_min_length int
Min length of the password recovery question answer.
question_recovery str
Enable or disable security question password recovery: ACTIVE or INACTIVE.
recovery_email_token int
Lifetime in minutes of the recovery email token.
skip_unlock bool
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
sms_recovery str
Enable or disable SMS password recovery: ACTIVE or INACTIVE.

Outputs

All input properties are implicitly available as output properties. Additionally, the PolicyPasswordDefault resource produces the following output properties:

DefaultAuthProvider string
Default authentication provider.
DefaultIncludedGroupId string
ID of the default Okta group.
Description string
Default policy description.
Id string
The provider-assigned unique ID for this managed resource.
Name string
Default policy name.
Priority int
Default policy priority.
Status string
Default policy status.
DefaultAuthProvider string
Default authentication provider.
DefaultIncludedGroupId string
ID of the default Okta group.
Description string
Default policy description.
Id string
The provider-assigned unique ID for this managed resource.
Name string
Default policy name.
Priority int
Default policy priority.
Status string
Default policy status.
defaultAuthProvider string
Default authentication provider.
defaultIncludedGroupId string
ID of the default Okta group.
description string
Default policy description.
id string
The provider-assigned unique ID for this managed resource.
name string
Default policy name.
priority number
Default policy priority.
status string
Default policy status.
default_auth_provider str
Default authentication provider.
default_included_group_id str
ID of the default Okta group.
description str
Default policy description.
id str
The provider-assigned unique ID for this managed resource.
name str
Default policy name.
priority int
Default policy priority.
status str
Default policy status.

Look up an Existing PolicyPasswordDefault Resource

Get an existing PolicyPasswordDefault resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PolicyPasswordDefaultState, opts?: CustomResourceOptions): PolicyPasswordDefault
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        call_recovery: Optional[str] = None,
        default_auth_provider: Optional[str] = None,
        default_included_group_id: Optional[str] = None,
        description: Optional[str] = None,
        email_recovery: Optional[str] = None,
        name: Optional[str] = None,
        password_auto_unlock_minutes: Optional[int] = None,
        password_dictionary_lookup: Optional[bool] = None,
        password_exclude_first_name: Optional[bool] = None,
        password_exclude_last_name: Optional[bool] = None,
        password_exclude_username: Optional[bool] = None,
        password_expire_warn_days: Optional[int] = None,
        password_history_count: Optional[int] = None,
        password_lockout_notification_channels: Optional[Sequence[str]] = None,
        password_max_age_days: Optional[int] = None,
        password_max_lockout_attempts: Optional[int] = None,
        password_min_age_minutes: Optional[int] = None,
        password_min_length: Optional[int] = None,
        password_min_lowercase: Optional[int] = None,
        password_min_number: Optional[int] = None,
        password_min_symbol: Optional[int] = None,
        password_min_uppercase: Optional[int] = None,
        password_show_lockout_failures: Optional[bool] = None,
        priority: Optional[int] = None,
        question_min_length: Optional[int] = None,
        question_recovery: Optional[str] = None,
        recovery_email_token: Optional[int] = None,
        skip_unlock: Optional[bool] = None,
        sms_recovery: Optional[str] = None,
        status: Optional[str] = None) -> PolicyPasswordDefault
func GetPolicyPasswordDefault(ctx *Context, name string, id IDInput, state *PolicyPasswordDefaultState, opts ...ResourceOption) (*PolicyPasswordDefault, error)
public static PolicyPasswordDefault Get(string name, Input<string> id, PolicyPasswordDefaultState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

CallRecovery string
Enable or disable voice call password recovery: ACTIVE or INACTIVE.
DefaultAuthProvider string
Default authentication provider.
DefaultIncludedGroupId string
ID of the default Okta group.
Description string
Default policy description.
EmailRecovery string
Enable or disable email password recovery: ACTIVE or INACTIVE.
Name string
Default policy name.
PasswordAutoUnlockMinutes int
Number of minutes before a locked account is unlocked: 0 = no limit.
PasswordDictionaryLookup bool
Check Passwords Against Common Password Dictionary.
PasswordExcludeFirstName bool
User firstName attribute must be excluded from the password.
PasswordExcludeLastName bool
User lastName attribute must be excluded from the password.
PasswordExcludeUsername bool
If the username must be excluded from the password.
PasswordExpireWarnDays int
Length in days a user will be warned before password expiry: 0 = no warning.
PasswordHistoryCount int
Number of distinct passwords that must be created before they can be reused: 0 = none.
PasswordLockoutNotificationChannels List<string>
Notification channels to use to notify a user when their account has been locked.
PasswordMaxAgeDays int
Length in days a password is valid before expiry: 0 = no limit.,
PasswordMaxLockoutAttempts int
Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
PasswordMinAgeMinutes int
Minimum time interval in minutes between password changes: 0 = no limit.
PasswordMinLength int
Minimum password length. Default is 8.
PasswordMinLowercase int
Minimum number of lower case characters in a password.
PasswordMinNumber int
Minimum number of numbers in a password.
PasswordMinSymbol int
Minimum number of symbols in a password.
PasswordMinUppercase int
Minimum number of upper case characters in a password.
PasswordShowLockoutFailures bool
If a user should be informed when their account is locked.
Priority int
Default policy priority.
QuestionMinLength int
Min length of the password recovery question answer.
QuestionRecovery string
Enable or disable security question password recovery: ACTIVE or INACTIVE.
RecoveryEmailToken int
Lifetime in minutes of the recovery email token.
SkipUnlock bool
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
SmsRecovery string
Enable or disable SMS password recovery: ACTIVE or INACTIVE.
Status string
Default policy status.
CallRecovery string
Enable or disable voice call password recovery: ACTIVE or INACTIVE.
DefaultAuthProvider string
Default authentication provider.
DefaultIncludedGroupId string
ID of the default Okta group.
Description string
Default policy description.
EmailRecovery string
Enable or disable email password recovery: ACTIVE or INACTIVE.
Name string
Default policy name.
PasswordAutoUnlockMinutes int
Number of minutes before a locked account is unlocked: 0 = no limit.
PasswordDictionaryLookup bool
Check Passwords Against Common Password Dictionary.
PasswordExcludeFirstName bool
User firstName attribute must be excluded from the password.
PasswordExcludeLastName bool
User lastName attribute must be excluded from the password.
PasswordExcludeUsername bool
If the username must be excluded from the password.
PasswordExpireWarnDays int
Length in days a user will be warned before password expiry: 0 = no warning.
PasswordHistoryCount int
Number of distinct passwords that must be created before they can be reused: 0 = none.
PasswordLockoutNotificationChannels []string
Notification channels to use to notify a user when their account has been locked.
PasswordMaxAgeDays int
Length in days a password is valid before expiry: 0 = no limit.,
PasswordMaxLockoutAttempts int
Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
PasswordMinAgeMinutes int
Minimum time interval in minutes between password changes: 0 = no limit.
PasswordMinLength int
Minimum password length. Default is 8.
PasswordMinLowercase int
Minimum number of lower case characters in a password.
PasswordMinNumber int
Minimum number of numbers in a password.
PasswordMinSymbol int
Minimum number of symbols in a password.
PasswordMinUppercase int
Minimum number of upper case characters in a password.
PasswordShowLockoutFailures bool
If a user should be informed when their account is locked.
Priority int
Default policy priority.
QuestionMinLength int
Min length of the password recovery question answer.
QuestionRecovery string
Enable or disable security question password recovery: ACTIVE or INACTIVE.
RecoveryEmailToken int
Lifetime in minutes of the recovery email token.
SkipUnlock bool
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
SmsRecovery string
Enable or disable SMS password recovery: ACTIVE or INACTIVE.
Status string
Default policy status.
callRecovery string
Enable or disable voice call password recovery: ACTIVE or INACTIVE.
defaultAuthProvider string
Default authentication provider.
defaultIncludedGroupId string
ID of the default Okta group.
description string
Default policy description.
emailRecovery string
Enable or disable email password recovery: ACTIVE or INACTIVE.
name string
Default policy name.
passwordAutoUnlockMinutes number
Number of minutes before a locked account is unlocked: 0 = no limit.
passwordDictionaryLookup boolean
Check Passwords Against Common Password Dictionary.
passwordExcludeFirstName boolean
User firstName attribute must be excluded from the password.
passwordExcludeLastName boolean
User lastName attribute must be excluded from the password.
passwordExcludeUsername boolean
If the username must be excluded from the password.
passwordExpireWarnDays number
Length in days a user will be warned before password expiry: 0 = no warning.
passwordHistoryCount number
Number of distinct passwords that must be created before they can be reused: 0 = none.
passwordLockoutNotificationChannels string[]
Notification channels to use to notify a user when their account has been locked.
passwordMaxAgeDays number
Length in days a password is valid before expiry: 0 = no limit.,
passwordMaxLockoutAttempts number
Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
passwordMinAgeMinutes number
Minimum time interval in minutes between password changes: 0 = no limit.
passwordMinLength number
Minimum password length. Default is 8.
passwordMinLowercase number
Minimum number of lower case characters in a password.
passwordMinNumber number
Minimum number of numbers in a password.
passwordMinSymbol number
Minimum number of symbols in a password.
passwordMinUppercase number
Minimum number of upper case characters in a password.
passwordShowLockoutFailures boolean
If a user should be informed when their account is locked.
priority number
Default policy priority.
questionMinLength number
Min length of the password recovery question answer.
questionRecovery string
Enable or disable security question password recovery: ACTIVE or INACTIVE.
recoveryEmailToken number
Lifetime in minutes of the recovery email token.
skipUnlock boolean
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
smsRecovery string
Enable or disable SMS password recovery: ACTIVE or INACTIVE.
status string
Default policy status.
call_recovery str
Enable or disable voice call password recovery: ACTIVE or INACTIVE.
default_auth_provider str
Default authentication provider.
default_included_group_id str
ID of the default Okta group.
description str
Default policy description.
email_recovery str
Enable or disable email password recovery: ACTIVE or INACTIVE.
name str
Default policy name.
password_auto_unlock_minutes int
Number of minutes before a locked account is unlocked: 0 = no limit.
password_dictionary_lookup bool
Check Passwords Against Common Password Dictionary.
password_exclude_first_name bool
User firstName attribute must be excluded from the password.
password_exclude_last_name bool
User lastName attribute must be excluded from the password.
password_exclude_username bool
If the username must be excluded from the password.
password_expire_warn_days int
Length in days a user will be warned before password expiry: 0 = no warning.
password_history_count int
Number of distinct passwords that must be created before they can be reused: 0 = none.
password_lockout_notification_channels Sequence[str]
Notification channels to use to notify a user when their account has been locked.
password_max_age_days int
Length in days a password is valid before expiry: 0 = no limit.,
password_max_lockout_attempts int
Number of unsuccessful login attempts allowed before lockout: 0 = no limit.
password_min_age_minutes int
Minimum time interval in minutes between password changes: 0 = no limit.
password_min_length int
Minimum password length. Default is 8.
password_min_lowercase int
Minimum number of lower case characters in a password.
password_min_number int
Minimum number of numbers in a password.
password_min_symbol int
Minimum number of symbols in a password.
password_min_uppercase int
Minimum number of upper case characters in a password.
password_show_lockout_failures bool
If a user should be informed when their account is locked.
priority int
Default policy priority.
question_min_length int
Min length of the password recovery question answer.
question_recovery str
Enable or disable security question password recovery: ACTIVE or INACTIVE.
recovery_email_token int
Lifetime in minutes of the recovery email token.
skip_unlock bool
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user’s Windows account.
sms_recovery str
Enable or disable SMS password recovery: ACTIVE or INACTIVE.
status str
Default policy status.

Import

Default Password Policy can be imported without providing Okta ID.

 $ pulumi import okta:index/policyPasswordDefault:PolicyPasswordDefault example .

Package Details

Repository
https://github.com/pulumi/pulumi-okta
License
Apache-2.0
Notes
This Pulumi package is based on the okta Terraform Provider.