Set a customer password policy

Learn more about the API operation to update your customer password policy rules.

Use the Customer Password Policy API to update your customer password policy.

A customer password policy defines the way you authenticate your customers based on a username and password.
Note: Customer password policies inherit properties from the default password policy if those properties are not explicitly defined. This means that if you don't specify values for number of failed attempts and inactive period, then the values from the default policy will be used.
You need to have a role with the appropriate access permissions (rights and privileges) to run this API:
  • ROLE_ADMIN_CUSTOMER

Request

PUT {tenantURL}/services/oauth/customers/{customerId}/passwordPolicy

For more information on the syntax of this API, see UPDATE customer password policy in the Configuration section in the Reltio Developer Portal.

This table defines the parameters in the body of this API to define your customer password policy.

Parameter    Description

expirePeriodInDays

The period of time (in days) by which the customer must change the password before their account is locked.

For more information, see topic expirePeriodInDays.

inactivePeriodInDays

The period of time (in days) a customer account can be inactive, after which it is automatically disabled. Must be between 1 and 180, inclusive.

If not defined, inherits the default value from the default policy.

Note: When the account is disabled after this period, the account status is still displayed as active in Console User Management until the user tries to log in. At that point, the account is disabled and the status is updated to inactive.

For more information, see topic inactivePeriodInDays.

numberOfFailedLoginAttempts

The number of failed login attempts permitted before the customer's account is automatically locked. Must be between 2 and 20, inclusive.

If not defined, inherits the default value from the default policy.

For more information, see topic numberOfFailedLoginAttempts.

numberOfFailedMFALoginAttempts

The number of failed MFA login attempts permitted before the customer's account is automatically locked. Must be between 2 and 20, inclusive.

If not defined, inherits the default value from the default policy.

passwordRules

The rules for validating a customer password.

For more information, see topic passwordRules.

userSessionTimeoutSeconds
Important: Before enabling userSessionTimeoutSeconds, contact a support person. Configuring this setting involves infrastructure-level considerations that may affect the behavior of your tenant and connected applications. For this reason, Reltio Support must validate the setup and confirm compatibility with your environment before it can be safely applied.

Do not enable this parameter directly in your environment without prior coordination with your customer support person.

The period of time (in seconds) a session can remain idle before the session times out and the customer is required to get a new token to log in again.
Note: The idle duration applies when there is no user activity involving an API call. If a user clicks on the UI without taking any action, it doesn't count as activity.
For more information, see topic userSessionTimeoutSeconds.

Sample password policy

In this example, the password policy defines the following rules:

  • The password expires in 50 days.
  • Three failed login attempts are allowed before the account is locked.
  • The user account becomes inactive after 60 days of inactivity.
  • A user session times out after 300 seconds (5 minutes) of inactivity.
  • The password must meet the following conditions:
    • Be between 4–10 characters
    • Not contain the user's name
    • Not reuse the last two passwords
    • Include at least two uppercase letters
{
  "expirePeriodInDays": 50,
  "numberOfFailedLoginAttempts": 3,
  "inactivePeriodInDays": 60,
  "userSessionTimeoutSeconds": 300,
  "passwordRules": [
    {
      "type": ".LengthPRule",
      "min": 4,
      "max": 10
    },
    {
      "type": ".UsernamePRule"
    },
    {
      "type": ".HistoryPRule",
      "lastPasswordVerifyCount": 2
    },
    {
      "type": ".CharacterCharacteristicsPRule",
      "numberOfCharacteristics": 1,
      "ruleList": [
        {
          "type": ".UppercaseCharacterPRule",
          "numCharacters": 2
        }
      ]
    }
  ]
}
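
A pre-flight check of a policy body against the ranges documented in the parameter table, which also reports the parameters that will silently fall back to the default policy. This is an added example, not Reltio code; the helper name check_policy and both sample bodies are constructed here.

```python
import json

# Inclusive ranges stated in the parameter table. Parameters with no documented
# range (expirePeriodInDays, userSessionTimeoutSeconds) are not checked.
# Per the table, each of these inherits from the default policy when omitted.
DOCUMENTED_RANGES = {
    "inactivePeriodInDays": (1, 180),
    "numberOfFailedLoginAttempts": (2, 20),
    "numberOfFailedMFALoginAttempts": (2, 20),
}


def check_policy(body: str):
    """Hypothetical helper: return (errors, inherited) for a JSON policy body."""
    policy = json.loads(body)
    errors, inherited = [], []
    for name, (low, high) in DOCUMENTED_RANGES.items():
        if name not in policy:
            # Omitted: the effective value comes from the default policy,
            # so review that policy before relying on this one.
            inherited.append(name)
            continue
        value = policy[name]
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            errors.append(f"{name}: expected an integer, got {value!r}")
        elif not low <= value <= high:
            errors.append(f"{name}: {value} is outside {low}-{high}")
    return errors, inherited


# Constructed sample bodies. SAMPLE_OK reuses the numeric settings of the
# sample policy above; SAMPLE_BAD is deliberately out of range.
SAMPLE_OK = json.dumps({
    "expirePeriodInDays": 50,
    "numberOfFailedLoginAttempts": 3,
    "inactivePeriodInDays": 60,
})
SAMPLE_BAD = json.dumps({
    "inactivePeriodInDays": 365,
    "numberOfFailedLoginAttempts": 1,
    "numberOfFailedMFALoginAttempts": "5",
})

if __name__ == "__main__":
    for label, body in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        errors, inherited = check_policy(body)
        print(label, "errors:", errors, "| inherited from default:", inherited)
```

For the sample policy, the check reports no errors and flags numberOfFailedMFALoginAttempts as inherited, so the MFA lockout threshold in effect is whatever the default policy sets.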