Set a customer password policy
Learn about the API to update your customer password policy rules.
Use the Customer Password Policy API to update your customer password policy.
A customer password policy defines the way you authenticate your customers based on a username and password.
Required role:
- ROLE_ADMIN_CUSTOMER
Request
PUT {tenantURL}/services/oauth/customers/{customerId}/passwordPolicy
For more information on the syntax of this API, see UPDATE customer password policy in the Configuration section in the Reltio Developer Portal.
This table defines the parameters in the body of this API to define your customer password policy.
| Parameter | Description |
|---|---|
| expirePeriodInDays | The period of time (in days) by which the customer must change the password before their account is locked. For more information, see topic expirePeriodInDays. |
| inactivePeriodInDays | The period of time (in days) a customer account can be inactive, after which it is automatically disabled. Note: When the account is disabled after this period, the account status is still displayed as active in Console User Management until the user tries to log in. At that point, the account is disabled and the status is updated to inactive. For more information, see topic inactivePeriodInDays. |
| numberOfFailedLoginAttempts | The number of failed login attempts permitted before the customer's account is automatically locked. For more information, see topic numberOfFailedLoginAttempts. |
| passwordRules | The rules for validating a customer password. For more information, see topic passwordRules. |
| userSessionTimeoutSeconds | The period of time (in seconds) a session can remain idle before the session times out and the customer is required to get a new token to log in again. Note: The idle duration applies only to user activity that involves an API call. If a user clicks on the UI without taking any action, it doesn't count as activity. For more information, see topic userSessionTimeoutSeconds. |
Sample password policy
- the password expires in 50 days
- 3 failed login attempts are allowed before the account is locked
- the user account can be inactive for 60 days before it is made inactive
- a user session times out after 300 seconds (5 minutes) of inactivity
- the password must be between 4-10 characters, must not contain the user's name, must not be one of the previous 2 passwords, and must contain 2 upper-case letters
```json
{
  "expirePeriodInDays": 50,
  "numberOfFailedLoginAttempts": 3,
  "inactivePeriodInDays": 60,
  "userSessionTimeoutSeconds": 300,
  "passwordRules": [
    {
      "type": ".LengthPRule",
      "min": 4,
      "max": 20
    },
    {
      "type": ".UsernamePRule"
    },
    {
      "type": ".HistoryPRule",
      "lastPasswordVerifyCount": 2
    },
    {
      "type": ".CharacterCharacteristicsPRule",
      "numberOfCharacteristics": 1,
      "ruleList": [
        {
          "type": ".UppercaseCharacterPRule",
          "numCharacters": 2
        }
      ]
    }
  ]
}
```
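As an added example, not part of the Reltio documentation or product, the following Python check applies the passwordRules list from the sample policy above to a candidate password and reports which rules it violates. The semantics of each rule type (case-insensitive username match, history compared against the newest N entries, at least numberOfCharacteristics sub-rules passing) are assumptions drawn from the rule names and the prose, not from Reltio's implementation; the server remains the authority on what it accepts.

```python
# Added example (not Reltio's code): evaluate a password against the sample
# passwordRules. Rule semantics below are assumptions, not Reltio's behaviour.
from typing import Dict, List

# Constructed copy of the sample policy's passwordRules.
SAMPLE_RULES: List[Dict] = [
    {"type": ".LengthPRule", "min": 4, "max": 20},
    {"type": ".UsernamePRule"},
    {"type": ".HistoryPRule", "lastPasswordVerifyCount": 2},
    {"type": ".CharacterCharacteristicsPRule", "numberOfCharacteristics": 1,
     "ruleList": [{"type": ".UppercaseCharacterPRule", "numCharacters": 2}]},
]


def check_rule(rule: Dict, password: str, username: str, history: List[str]) -> bool:
    """Return True if `password` satisfies one rule; unknown rule types fail closed."""
    kind = rule["type"]
    if kind == ".LengthPRule":
        return rule["min"] <= len(password) <= rule["max"]
    if kind == ".UsernamePRule":
        # Assumed: the password may not contain the username, case-insensitively.
        return username.lower() not in password.lower()
    if kind == ".HistoryPRule":
        # Assumed: the password may not equal any of the newest N previous
        # passwords (`history` is newest-first). A real system compares hashes.
        return password not in history[: rule["lastPasswordVerifyCount"]]
    if kind == ".UppercaseCharacterPRule":
        return sum(c.isupper() for c in password) >= rule["numCharacters"]
    if kind == ".CharacterCharacteristicsPRule":
        # Assumed: at least numberOfCharacteristics of the sub-rules must pass.
        passed = sum(check_rule(r, password, username, history) for r in rule["ruleList"])
        return passed >= rule["numberOfCharacteristics"]
    return False  # fail closed on rule types this example does not model


def failing_rules(password: str, username: str, history: List[str],
                  rules: List[Dict] = SAMPLE_RULES) -> List[str]:
    """Types of the rules the password violates; an empty list means it passes."""
    return [r["type"] for r in rules if not check_rule(r, password, username, history)]


if __name__ == "__main__":
    hist = ["OldPassWord1", "Older2"]          # constructed history, newest first
    print(failing_rules("ABcdef12", "alice", hist))      # []
    print(failing_rules("aliceXY", "alice", hist))       # ['.UsernamePRule']
    print(failing_rules("OldPassWord1", "alice", hist))  # ['.HistoryPRule']
```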