Unify and manage your data

Set a customer password policy

Learn about the API to update your customer password policy rules.

Use the Customer Password Policy to update your customer password policy.

A customer password policy defines the way you authenticate your customers based on a username and password.

You need to have a role with the appropriate access permissions (rights and privileges) to run this API:
  • ROLE_ADMIN_CUSTOMER

Request

PUT {tenantURL}/services/oauth/customers/{customerId}/passwordPolicy

For more information on the syntax of this API, see UPDATE customer password policy in the Configuration section in the Reltio Developer Portal.

This table defines the parameters in the body of this API to define your customer password policy.

ParameterDescription
expirePeriodInDaysThe period of time (in days) by which the customer must change the password before their account is locked.

For more information, see topic expirePeriodInDays.

inactivePeriodInDays

The period of time (in days) a customer account can be inactive after which it is automatically disabled.

Note: When the account is disabled after this period, the account status is still displayed as active in Console User Management until the user tries to log in, At that point, the account is disabled and the status is updated to inactive.

For more information, see topic inactivePeriodInDays.

numberOfFailedLoginAttemptsThe number of failed login attempts permitted before the customer's account is automatically locked.

For more information, see topic numberOfFailedLoginAttempts.

passwordRulesThe rules for validating a customer password.

For more information, see topic passwordRules.

userSessionTimeoutSecondsThe period of time (in seconds) a session can remain idle before the session times out and the customer is required to get a new token to log in again.
Note: The idle duration is applicable when there isn't user activity involving an API call. If an user clicks on the UI without taking any action, it doesn't count as activity.
For more information, see topic userSessionTimeoutSeconds.

Sample password policy

In this example, the password policy defines:
  • password expires in 50 days

  • 3 failed login attempts are allowed before locking the account

  • the user account can be inactive for 60 days before being made inactive

  • a user session times out after 300 seconds (5 minutes) of inactivity

  • the password must be between 4-10 characters, doesn't contain the user's name, hasn't been reused as the previous 2 passwords, and must contain 2 upper-case letters.

{
  "expirePeriodInDays": 50,
  "numberOfFailedLoginAttempts": 3,
  "inactivePeriodInDays": 60,
  "userSessionTimeoutSeconds": 300,
  "passwordRules": [
    {
      "type": ".LengthPRule",
      "min": 4,
      "max": 20
    },
    {
      "type": ".UsernamePRule"
    },
    {
      "type": ".HistoryPRule",
      "lastPasswordVerifyCount": 2
    },
    {
      "type": ".CharacterCharacteristicsPRule",
      "numberOfCharacteristics": 1,
      "ruleList": [
        {
          "type": ".UppercaseCharacterPRule",
          "numCharacters": 2
        }
      ]
    }
  ]
}