1. Packages
  2. Okta Provider
  3. API Docs
  4. policy
  5. Password
Okta v4.16.0 published on Wednesday, Apr 9, 2025 by Pulumi

okta.policy.Password

Explore with Pulumi AI

Creates a Password Policy. This resource allows you to create and configure a Password Policy.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.policy.Password("example", {
    name: "example",
    status: "ACTIVE",
    description: "Example",
    passwordHistoryCount: 4,
    groupsIncludeds: [everyone.id],
});
Copy
import pulumi
import pulumi_okta as okta

example = okta.policy.Password("example",
    name="example",
    status="ACTIVE",
    description="Example",
    password_history_count=4,
    groups_includeds=[everyone["id"]])
Copy
package main

import (
	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := policy.NewPassword(ctx, "example", &policy.PasswordArgs{
			Name:                 pulumi.String("example"),
			Status:               pulumi.String("ACTIVE"),
			Description:          pulumi.String("Example"),
			PasswordHistoryCount: pulumi.Int(4),
			GroupsIncludeds: pulumi.StringArray{
				everyone.Id,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;

return await Deployment.RunAsync(() => 
{
    var example = new Okta.Policy.Password("example", new()
    {
        Name = "example",
        Status = "ACTIVE",
        Description = "Example",
        PasswordHistoryCount = 4,
        GroupsIncludeds = new[]
        {
            everyone.Id,
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.Password;
import com.pulumi.okta.policy.PasswordArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Password("example", PasswordArgs.builder()
            .name("example")
            .status("ACTIVE")
            .description("Example")
            .passwordHistoryCount(4)
            .groupsIncludeds(everyone.id())
            .build());

    }
}
Copy
resources:
  example:
    type: okta:policy:Password
    properties:
      name: example
      status: ACTIVE
      description: Example
      passwordHistoryCount: 4
      groupsIncludeds:
        - ${everyone.id}
Copy

Create Password Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Password(name: string, args?: PasswordArgs, opts?: CustomResourceOptions);
@overload
def Password(resource_name: str,
             args: Optional[PasswordArgs] = None,
             opts: Optional[ResourceOptions] = None)

@overload
def Password(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             auth_provider: Optional[str] = None,
             call_recovery: Optional[str] = None,
             description: Optional[str] = None,
             email_recovery: Optional[str] = None,
             groups_includeds: Optional[Sequence[str]] = None,
             name: Optional[str] = None,
             password_auto_unlock_minutes: Optional[int] = None,
             password_dictionary_lookup: Optional[bool] = None,
             password_exclude_first_name: Optional[bool] = None,
             password_exclude_last_name: Optional[bool] = None,
             password_exclude_username: Optional[bool] = None,
             password_expire_warn_days: Optional[int] = None,
             password_history_count: Optional[int] = None,
             password_lockout_notification_channels: Optional[Sequence[str]] = None,
             password_max_age_days: Optional[int] = None,
             password_max_lockout_attempts: Optional[int] = None,
             password_min_age_minutes: Optional[int] = None,
             password_min_length: Optional[int] = None,
             password_min_lowercase: Optional[int] = None,
             password_min_number: Optional[int] = None,
             password_min_symbol: Optional[int] = None,
             password_min_uppercase: Optional[int] = None,
             password_show_lockout_failures: Optional[bool] = None,
             priority: Optional[int] = None,
             question_min_length: Optional[int] = None,
             question_recovery: Optional[str] = None,
             recovery_email_token: Optional[int] = None,
             skip_unlock: Optional[bool] = None,
             sms_recovery: Optional[str] = None,
             status: Optional[str] = None)
func NewPassword(ctx *Context, name string, args *PasswordArgs, opts ...ResourceOption) (*Password, error)
public Password(string name, PasswordArgs? args = null, CustomResourceOptions? opts = null)
public Password(String name, PasswordArgs args)
public Password(String name, PasswordArgs args, CustomResourceOptions options)
type: okta:policy:Password
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args PasswordArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args PasswordArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args PasswordArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args PasswordArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. PasswordArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var passwordResource = new Okta.Policy.Password("passwordResource", new()
{
    AuthProvider = "string",
    CallRecovery = "string",
    Description = "string",
    EmailRecovery = "string",
    GroupsIncludeds = new[]
    {
        "string",
    },
    Name = "string",
    PasswordAutoUnlockMinutes = 0,
    PasswordDictionaryLookup = false,
    PasswordExcludeFirstName = false,
    PasswordExcludeLastName = false,
    PasswordExcludeUsername = false,
    PasswordExpireWarnDays = 0,
    PasswordHistoryCount = 0,
    PasswordLockoutNotificationChannels = new[]
    {
        "string",
    },
    PasswordMaxAgeDays = 0,
    PasswordMaxLockoutAttempts = 0,
    PasswordMinAgeMinutes = 0,
    PasswordMinLength = 0,
    PasswordMinLowercase = 0,
    PasswordMinNumber = 0,
    PasswordMinSymbol = 0,
    PasswordMinUppercase = 0,
    PasswordShowLockoutFailures = false,
    Priority = 0,
    QuestionMinLength = 0,
    QuestionRecovery = "string",
    RecoveryEmailToken = 0,
    SkipUnlock = false,
    SmsRecovery = "string",
    Status = "string",
});
Copy
example, err := policy.NewPassword(ctx, "passwordResource", &policy.PasswordArgs{
	AuthProvider:  pulumi.String("string"),
	CallRecovery:  pulumi.String("string"),
	Description:   pulumi.String("string"),
	EmailRecovery: pulumi.String("string"),
	GroupsIncludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	Name:                      pulumi.String("string"),
	PasswordAutoUnlockMinutes: pulumi.Int(0),
	PasswordDictionaryLookup:  pulumi.Bool(false),
	PasswordExcludeFirstName:  pulumi.Bool(false),
	PasswordExcludeLastName:   pulumi.Bool(false),
	PasswordExcludeUsername:   pulumi.Bool(false),
	PasswordExpireWarnDays:    pulumi.Int(0),
	PasswordHistoryCount:      pulumi.Int(0),
	PasswordLockoutNotificationChannels: pulumi.StringArray{
		pulumi.String("string"),
	},
	PasswordMaxAgeDays:          pulumi.Int(0),
	PasswordMaxLockoutAttempts:  pulumi.Int(0),
	PasswordMinAgeMinutes:       pulumi.Int(0),
	PasswordMinLength:           pulumi.Int(0),
	PasswordMinLowercase:        pulumi.Int(0),
	PasswordMinNumber:           pulumi.Int(0),
	PasswordMinSymbol:           pulumi.Int(0),
	PasswordMinUppercase:        pulumi.Int(0),
	PasswordShowLockoutFailures: pulumi.Bool(false),
	Priority:                    pulumi.Int(0),
	QuestionMinLength:           pulumi.Int(0),
	QuestionRecovery:            pulumi.String("string"),
	RecoveryEmailToken:          pulumi.Int(0),
	SkipUnlock:                  pulumi.Bool(false),
	SmsRecovery:                 pulumi.String("string"),
	Status:                      pulumi.String("string"),
})
Copy
var passwordResource = new Password("passwordResource", PasswordArgs.builder()
    .authProvider("string")
    .callRecovery("string")
    .description("string")
    .emailRecovery("string")
    .groupsIncludeds("string")
    .name("string")
    .passwordAutoUnlockMinutes(0)
    .passwordDictionaryLookup(false)
    .passwordExcludeFirstName(false)
    .passwordExcludeLastName(false)
    .passwordExcludeUsername(false)
    .passwordExpireWarnDays(0)
    .passwordHistoryCount(0)
    .passwordLockoutNotificationChannels("string")
    .passwordMaxAgeDays(0)
    .passwordMaxLockoutAttempts(0)
    .passwordMinAgeMinutes(0)
    .passwordMinLength(0)
    .passwordMinLowercase(0)
    .passwordMinNumber(0)
    .passwordMinSymbol(0)
    .passwordMinUppercase(0)
    .passwordShowLockoutFailures(false)
    .priority(0)
    .questionMinLength(0)
    .questionRecovery("string")
    .recoveryEmailToken(0)
    .skipUnlock(false)
    .smsRecovery("string")
    .status("string")
    .build());
Copy
password_resource = okta.policy.Password("passwordResource",
    auth_provider="string",
    call_recovery="string",
    description="string",
    email_recovery="string",
    groups_includeds=["string"],
    name="string",
    password_auto_unlock_minutes=0,
    password_dictionary_lookup=False,
    password_exclude_first_name=False,
    password_exclude_last_name=False,
    password_exclude_username=False,
    password_expire_warn_days=0,
    password_history_count=0,
    password_lockout_notification_channels=["string"],
    password_max_age_days=0,
    password_max_lockout_attempts=0,
    password_min_age_minutes=0,
    password_min_length=0,
    password_min_lowercase=0,
    password_min_number=0,
    password_min_symbol=0,
    password_min_uppercase=0,
    password_show_lockout_failures=False,
    priority=0,
    question_min_length=0,
    question_recovery="string",
    recovery_email_token=0,
    skip_unlock=False,
    sms_recovery="string",
    status="string")
Copy
const passwordResource = new okta.policy.Password("passwordResource", {
    authProvider: "string",
    callRecovery: "string",
    description: "string",
    emailRecovery: "string",
    groupsIncludeds: ["string"],
    name: "string",
    passwordAutoUnlockMinutes: 0,
    passwordDictionaryLookup: false,
    passwordExcludeFirstName: false,
    passwordExcludeLastName: false,
    passwordExcludeUsername: false,
    passwordExpireWarnDays: 0,
    passwordHistoryCount: 0,
    passwordLockoutNotificationChannels: ["string"],
    passwordMaxAgeDays: 0,
    passwordMaxLockoutAttempts: 0,
    passwordMinAgeMinutes: 0,
    passwordMinLength: 0,
    passwordMinLowercase: 0,
    passwordMinNumber: 0,
    passwordMinSymbol: 0,
    passwordMinUppercase: 0,
    passwordShowLockoutFailures: false,
    priority: 0,
    questionMinLength: 0,
    questionRecovery: "string",
    recoveryEmailToken: 0,
    skipUnlock: false,
    smsRecovery: "string",
    status: "string",
});
Copy
type: okta:policy:Password
properties:
    authProvider: string
    callRecovery: string
    description: string
    emailRecovery: string
    groupsIncludeds:
        - string
    name: string
    passwordAutoUnlockMinutes: 0
    passwordDictionaryLookup: false
    passwordExcludeFirstName: false
    passwordExcludeLastName: false
    passwordExcludeUsername: false
    passwordExpireWarnDays: 0
    passwordHistoryCount: 0
    passwordLockoutNotificationChannels:
        - string
    passwordMaxAgeDays: 0
    passwordMaxLockoutAttempts: 0
    passwordMinAgeMinutes: 0
    passwordMinLength: 0
    passwordMinLowercase: 0
    passwordMinNumber: 0
    passwordMinSymbol: 0
    passwordMinUppercase: 0
    passwordShowLockoutFailures: false
    priority: 0
    questionMinLength: 0
    questionRecovery: string
    recoveryEmailToken: 0
    skipUnlock: false
    smsRecovery: string
    status: string
Copy

Password Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Password resource accepts the following input properties:

AuthProvider string
Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
CallRecovery string
Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
Description string
Policy Description
EmailRecovery string
Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
GroupsIncludeds List<string>
List of Group IDs to Include
Name string
Policy Name
PasswordAutoUnlockMinutes int
Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
PasswordDictionaryLookup bool
Check Passwords Against Common Password Dictionary. Default: false
PasswordExcludeFirstName bool
User firstName attribute must be excluded from the password
PasswordExcludeLastName bool
User lastName attribute must be excluded from the password
PasswordExcludeUsername bool
If the user name must be excluded from the password. Default: true
PasswordExpireWarnDays int
Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
PasswordHistoryCount int
Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
PasswordLockoutNotificationChannels List<string>
Notification channels to use to notify a user when their account has been locked.
PasswordMaxAgeDays int
Length in days a password is valid before expiry: 0 = no limit. Default: 0
PasswordMaxLockoutAttempts int
Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
PasswordMinAgeMinutes int
Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
PasswordMinLength int
Minimum password length. Default: 8
PasswordMinLowercase int
If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
PasswordMinNumber int
If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
PasswordMinSymbol int
If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
PasswordMinUppercase int
If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
PasswordShowLockoutFailures bool
If a user should be informed when their account is locked. Default: false
Priority int
Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
QuestionMinLength int
Min length of the password recovery question answer. Default: 4
QuestionRecovery string
Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
RecoveryEmailToken int
Lifetime in minutes of the recovery email token. Default: 60
SkipUnlock bool
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
SmsRecovery string
Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
Status string
Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
AuthProvider string
Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
CallRecovery string
Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
Description string
Policy Description
EmailRecovery string
Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
GroupsIncludeds []string
List of Group IDs to Include
Name string
Policy Name
PasswordAutoUnlockMinutes int
Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
PasswordDictionaryLookup bool
Check Passwords Against Common Password Dictionary. Default: false
PasswordExcludeFirstName bool
User firstName attribute must be excluded from the password
PasswordExcludeLastName bool
User lastName attribute must be excluded from the password
PasswordExcludeUsername bool
If the user name must be excluded from the password. Default: true
PasswordExpireWarnDays int
Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
PasswordHistoryCount int
Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
PasswordLockoutNotificationChannels []string
Notification channels to use to notify a user when their account has been locked.
PasswordMaxAgeDays int
Length in days a password is valid before expiry: 0 = no limit. Default: 0
PasswordMaxLockoutAttempts int
Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
PasswordMinAgeMinutes int
Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
PasswordMinLength int
Minimum password length. Default: 8
PasswordMinLowercase int
If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
PasswordMinNumber int
If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
PasswordMinSymbol int
If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
PasswordMinUppercase int
If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
PasswordShowLockoutFailures bool
If a user should be informed when their account is locked. Default: false
Priority int
Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
QuestionMinLength int
Min length of the password recovery question answer. Default: 4
QuestionRecovery string
Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
RecoveryEmailToken int
Lifetime in minutes of the recovery email token. Default: 60
SkipUnlock bool
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
SmsRecovery string
Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
Status string
Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
authProvider String
Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
callRecovery String
Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
description String
Policy Description
emailRecovery String
Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
groupsIncludeds List<String>
List of Group IDs to Include
name String
Policy Name
passwordAutoUnlockMinutes Integer
Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
passwordDictionaryLookup Boolean
Check Passwords Against Common Password Dictionary. Default: false
passwordExcludeFirstName Boolean
User firstName attribute must be excluded from the password
passwordExcludeLastName Boolean
User lastName attribute must be excluded from the password
passwordExcludeUsername Boolean
If the user name must be excluded from the password. Default: true
passwordExpireWarnDays Integer
Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
passwordHistoryCount Integer
Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
passwordLockoutNotificationChannels List<String>
Notification channels to use to notify a user when their account has been locked.
passwordMaxAgeDays Integer
Length in days a password is valid before expiry: 0 = no limit. Default: 0
passwordMaxLockoutAttempts Integer
Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
passwordMinAgeMinutes Integer
Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
passwordMinLength Integer
Minimum password length. Default: 8
passwordMinLowercase Integer
If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
passwordMinNumber Integer
If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
passwordMinSymbol Integer
If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
passwordMinUppercase Integer
If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
passwordShowLockoutFailures Boolean
If a user should be informed when their account is locked. Default: false
priority Integer
Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
questionMinLength Integer
Min length of the password recovery question answer. Default: 4
questionRecovery String
Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
recoveryEmailToken Integer
Lifetime in minutes of the recovery email token. Default: 60
skipUnlock Boolean
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
smsRecovery String
Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
status String
Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
authProvider string
Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
callRecovery string
Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
description string
Policy Description
emailRecovery string
Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
groupsIncludeds string[]
List of Group IDs to Include
name string
Policy Name
passwordAutoUnlockMinutes number
Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
passwordDictionaryLookup boolean
Check Passwords Against Common Password Dictionary. Default: false
passwordExcludeFirstName boolean
User firstName attribute must be excluded from the password
passwordExcludeLastName boolean
User lastName attribute must be excluded from the password
passwordExcludeUsername boolean
If the user name must be excluded from the password. Default: true
passwordExpireWarnDays number
Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
passwordHistoryCount number
Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
passwordLockoutNotificationChannels string[]
Notification channels to use to notify a user when their account has been locked.
passwordMaxAgeDays number
Length in days a password is valid before expiry: 0 = no limit. Default: 0
passwordMaxLockoutAttempts number
Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
passwordMinAgeMinutes number
Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
passwordMinLength number
Minimum password length. Default: 8
passwordMinLowercase number
If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
passwordMinNumber number
If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
passwordMinSymbol number
If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
passwordMinUppercase number
If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
passwordShowLockoutFailures boolean
If a user should be informed when their account is locked. Default: false
priority number
Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
questionMinLength number
Min length of the password recovery question answer. Default: 4
questionRecovery string
Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
recoveryEmailToken number
Lifetime in minutes of the recovery email token. Default: 60
skipUnlock boolean
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
smsRecovery string
Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
status string
Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
auth_provider str
Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
call_recovery str
Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
description str
Policy Description
email_recovery str
Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
groups_includeds Sequence[str]
List of Group IDs to Include
name str
Policy Name
password_auto_unlock_minutes int
Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
password_dictionary_lookup bool
Check Passwords Against Common Password Dictionary. Default: false
password_exclude_first_name bool
User firstName attribute must be excluded from the password
password_exclude_last_name bool
User lastName attribute must be excluded from the password
password_exclude_username bool
If the user name must be excluded from the password. Default: true
password_expire_warn_days int
Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
password_history_count int
Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
password_lockout_notification_channels Sequence[str]
Notification channels to use to notify a user when their account has been locked.
password_max_age_days int
Length in days a password is valid before expiry: 0 = no limit. Default: 0
password_max_lockout_attempts int
Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
password_min_age_minutes int
Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
password_min_length int
Minimum password length. Default: 8
password_min_lowercase int
If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
password_min_number int
If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
password_min_symbol int
If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
password_min_uppercase int
If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
password_show_lockout_failures bool
If a user should be informed when their account is locked. Default: false
priority int
Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
question_min_length int
Min length of the password recovery question answer. Default: 4
question_recovery str
Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
recovery_email_token int
Lifetime in minutes of the recovery email token. Default: 60
skip_unlock bool
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
sms_recovery str
Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
status str
Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
authProvider String
Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
callRecovery String
Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
description String
Policy Description
emailRecovery String
Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
groupsIncludeds List<String>
List of Group IDs to Include
name String
Policy Name
passwordAutoUnlockMinutes Number
Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
passwordDictionaryLookup Boolean
Check Passwords Against Common Password Dictionary. Default: false
passwordExcludeFirstName Boolean
User firstName attribute must be excluded from the password
passwordExcludeLastName Boolean
User lastName attribute must be excluded from the password
passwordExcludeUsername Boolean
If the user name must be excluded from the password. Default: true
passwordExpireWarnDays Number
Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
passwordHistoryCount Number
Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
passwordLockoutNotificationChannels List<String>
Notification channels to use to notify a user when their account has been locked.
passwordMaxAgeDays Number
Length in days a password is valid before expiry: 0 = no limit. Default: 0
passwordMaxLockoutAttempts Number
Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
passwordMinAgeMinutes Number
Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
passwordMinLength Number
Minimum password length. Default: 8
passwordMinLowercase Number
If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
passwordMinNumber Number
If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
passwordMinSymbol Number
If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
passwordMinUppercase Number
If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
passwordShowLockoutFailures Boolean
If a user should be informed when their account is locked. Default: false
priority Number
Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
questionMinLength Number
Min length of the password recovery question answer. Default: 4
questionRecovery String
Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
recoveryEmailToken Number
Lifetime in minutes of the recovery email token. Default: 60
skipUnlock Boolean
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
smsRecovery String
Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
status String
Policy Status: ACTIVE or INACTIVE. Default: ACTIVE

Outputs

All input properties are implicitly available as output properties. Additionally, the Password resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing Password Resource

Get an existing Password resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PasswordState, opts?: CustomResourceOptions): Password
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        auth_provider: Optional[str] = None,
        call_recovery: Optional[str] = None,
        description: Optional[str] = None,
        email_recovery: Optional[str] = None,
        groups_includeds: Optional[Sequence[str]] = None,
        name: Optional[str] = None,
        password_auto_unlock_minutes: Optional[int] = None,
        password_dictionary_lookup: Optional[bool] = None,
        password_exclude_first_name: Optional[bool] = None,
        password_exclude_last_name: Optional[bool] = None,
        password_exclude_username: Optional[bool] = None,
        password_expire_warn_days: Optional[int] = None,
        password_history_count: Optional[int] = None,
        password_lockout_notification_channels: Optional[Sequence[str]] = None,
        password_max_age_days: Optional[int] = None,
        password_max_lockout_attempts: Optional[int] = None,
        password_min_age_minutes: Optional[int] = None,
        password_min_length: Optional[int] = None,
        password_min_lowercase: Optional[int] = None,
        password_min_number: Optional[int] = None,
        password_min_symbol: Optional[int] = None,
        password_min_uppercase: Optional[int] = None,
        password_show_lockout_failures: Optional[bool] = None,
        priority: Optional[int] = None,
        question_min_length: Optional[int] = None,
        question_recovery: Optional[str] = None,
        recovery_email_token: Optional[int] = None,
        skip_unlock: Optional[bool] = None,
        sms_recovery: Optional[str] = None,
        status: Optional[str] = None) -> Password
func GetPassword(ctx *Context, name string, id IDInput, state *PasswordState, opts ...ResourceOption) (*Password, error)
public static Password Get(string name, Input<string> id, PasswordState? state, CustomResourceOptions? opts = null)
public static Password get(String name, Output<String> id, PasswordState state, CustomResourceOptions options)
resources:  _:    type: okta:policy:Password    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AuthProvider string
Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
CallRecovery string
Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
Description string
Policy Description
EmailRecovery string
Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
GroupsIncludeds List<string>
List of Group IDs to Include
Name string
Policy Name
PasswordAutoUnlockMinutes int
Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
PasswordDictionaryLookup bool
Check Passwords Against Common Password Dictionary. Default: false
PasswordExcludeFirstName bool
User firstName attribute must be excluded from the password
PasswordExcludeLastName bool
User lastName attribute must be excluded from the password
PasswordExcludeUsername bool
If the user name must be excluded from the password. Default: true
PasswordExpireWarnDays int
Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
PasswordHistoryCount int
Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
PasswordLockoutNotificationChannels List<string>
Notification channels to use to notify a user when their account has been locked.
PasswordMaxAgeDays int
Length in days a password is valid before expiry: 0 = no limit. Default: 0
PasswordMaxLockoutAttempts int
Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
PasswordMinAgeMinutes int
Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
PasswordMinLength int
Minimum password length. Default: 8
PasswordMinLowercase int
If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
PasswordMinNumber int
If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
PasswordMinSymbol int
If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
PasswordMinUppercase int
If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
PasswordShowLockoutFailures bool
If a user should be informed when their account is locked. Default: false
Priority int
Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
QuestionMinLength int
Min length of the password recovery question answer. Default: 4
QuestionRecovery string
Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
RecoveryEmailToken int
Lifetime in minutes of the recovery email token. Default: 60
SkipUnlock bool
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
SmsRecovery string
Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
Status string
Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
AuthProvider string
Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
CallRecovery string
Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
Description string
Policy Description
EmailRecovery string
Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
GroupsIncludeds []string
List of Group IDs to Include
Name string
Policy Name
PasswordAutoUnlockMinutes int
Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
PasswordDictionaryLookup bool
Check Passwords Against Common Password Dictionary. Default: false
PasswordExcludeFirstName bool
User firstName attribute must be excluded from the password
PasswordExcludeLastName bool
User lastName attribute must be excluded from the password
PasswordExcludeUsername bool
If the user name must be excluded from the password. Default: true
PasswordExpireWarnDays int
Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
PasswordHistoryCount int
Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
PasswordLockoutNotificationChannels []string
Notification channels to use to notify a user when their account has been locked.
PasswordMaxAgeDays int
Length in days a password is valid before expiry: 0 = no limit. Default: 0
PasswordMaxLockoutAttempts int
Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
PasswordMinAgeMinutes int
Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
PasswordMinLength int
Minimum password length. Default: 8
PasswordMinLowercase int
If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
PasswordMinNumber int
If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
PasswordMinSymbol int
If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
PasswordMinUppercase int
If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
PasswordShowLockoutFailures bool
If a user should be informed when their account is locked. Default: false
Priority int
Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
QuestionMinLength int
Min length of the password recovery question answer. Default: 4
QuestionRecovery string
Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
RecoveryEmailToken int
Lifetime in minutes of the recovery email token. Default: 60
SkipUnlock bool
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
SmsRecovery string
Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
Status string
Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
authProvider String
Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
callRecovery String
Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
description String
Policy Description
emailRecovery String
Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
groupsIncludeds List<String>
List of Group IDs to Include
name String
Policy Name
passwordAutoUnlockMinutes Integer
Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
passwordDictionaryLookup Boolean
Check Passwords Against Common Password Dictionary. Default: false
passwordExcludeFirstName Boolean
User firstName attribute must be excluded from the password
passwordExcludeLastName Boolean
User lastName attribute must be excluded from the password
passwordExcludeUsername Boolean
If the user name must be excluded from the password. Default: true
passwordExpireWarnDays Integer
Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
passwordHistoryCount Integer
Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
passwordLockoutNotificationChannels List<String>
Notification channels to use to notify a user when their account has been locked.
passwordMaxAgeDays Integer
Length in days a password is valid before expiry: 0 = no limit. Default: 0
passwordMaxLockoutAttempts Integer
Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
passwordMinAgeMinutes Integer
Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
passwordMinLength Integer
Minimum password length. Default: 8
passwordMinLowercase Integer
If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
passwordMinNumber Integer
If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
passwordMinSymbol Integer
If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
passwordMinUppercase Integer
If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
passwordShowLockoutFailures Boolean
If a user should be informed when their account is locked. Default: false
priority Integer
Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
questionMinLength Integer
Min length of the password recovery question answer. Default: 4
questionRecovery String
Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
recoveryEmailToken Integer
Lifetime in minutes of the recovery email token. Default: 60
skipUnlock Boolean
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
smsRecovery String
Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
status String
Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
authProvider string
Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
callRecovery string
Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
description string
Policy Description
emailRecovery string
Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
groupsIncludeds string[]
List of Group IDs to Include
name string
Policy Name
passwordAutoUnlockMinutes number
Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
passwordDictionaryLookup boolean
Check Passwords Against Common Password Dictionary. Default: false
passwordExcludeFirstName boolean
User firstName attribute must be excluded from the password
passwordExcludeLastName boolean
User lastName attribute must be excluded from the password
passwordExcludeUsername boolean
If the user name must be excluded from the password. Default: true
passwordExpireWarnDays number
Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
passwordHistoryCount number
Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
passwordLockoutNotificationChannels string[]
Notification channels to use to notify a user when their account has been locked.
passwordMaxAgeDays number
Length in days a password is valid before expiry: 0 = no limit. Default: 0
passwordMaxLockoutAttempts number
Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
passwordMinAgeMinutes number
Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
passwordMinLength number
Minimum password length. Default: 8
passwordMinLowercase number
If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
passwordMinNumber number
If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
passwordMinSymbol number
If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
passwordMinUppercase number
If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
passwordShowLockoutFailures boolean
If a user should be informed when their account is locked. Default: false
priority number
Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
questionMinLength number
Min length of the password recovery question answer. Default: 4
questionRecovery string
Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
recoveryEmailToken number
Lifetime in minutes of the recovery email token. Default: 60
skipUnlock boolean
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
smsRecovery string
Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
status string
Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
auth_provider str
Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
call_recovery str
Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
description str
Policy Description
email_recovery str
Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
groups_includeds Sequence[str]
List of Group IDs to Include
name str
Policy Name
password_auto_unlock_minutes int
Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
password_dictionary_lookup bool
Check Passwords Against Common Password Dictionary. Default: false
password_exclude_first_name bool
User firstName attribute must be excluded from the password
password_exclude_last_name bool
User lastName attribute must be excluded from the password
password_exclude_username bool
If the user name must be excluded from the password. Default: true
password_expire_warn_days int
Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
password_history_count int
Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
password_lockout_notification_channels Sequence[str]
Notification channels to use to notify a user when their account has been locked.
password_max_age_days int
Length in days a password is valid before expiry: 0 = no limit. Default: 0
password_max_lockout_attempts int
Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
password_min_age_minutes int
Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
password_min_length int
Minimum password length. Default: 8
password_min_lowercase int
If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
password_min_number int
If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
password_min_symbol int
If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
password_min_uppercase int
If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
password_show_lockout_failures bool
If a user should be informed when their account is locked. Default: false
priority int
Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
question_min_length int
Min length of the password recovery question answer. Default: 4
question_recovery str
Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
recovery_email_token int
Lifetime in minutes of the recovery email token. Default: 60
skip_unlock bool
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
sms_recovery str
Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
status str
Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
authProvider String
Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
callRecovery String
Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
description String
Policy Description
emailRecovery String
Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
groupsIncludeds List<String>
List of Group IDs to Include
name String
Policy Name
passwordAutoUnlockMinutes Number
Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
passwordDictionaryLookup Boolean
Check Passwords Against Common Password Dictionary. Default: false
passwordExcludeFirstName Boolean
User firstName attribute must be excluded from the password
passwordExcludeLastName Boolean
User lastName attribute must be excluded from the password
passwordExcludeUsername Boolean
If the user name must be excluded from the password. Default: true
passwordExpireWarnDays Number
Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
passwordHistoryCount Number
Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
passwordLockoutNotificationChannels List<String>
Notification channels to use to notify a user when their account has been locked.
passwordMaxAgeDays Number
Length in days a password is valid before expiry: 0 = no limit. Default: 0
passwordMaxLockoutAttempts Number
Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
passwordMinAgeMinutes Number
Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
passwordMinLength Number
Minimum password length. Default: 8
passwordMinLowercase Number
If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
passwordMinNumber Number
If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
passwordMinSymbol Number
If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
passwordMinUppercase Number
If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
passwordShowLockoutFailures Boolean
If a user should be informed when their account is locked. Default: false
priority Number
Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
questionMinLength Number
Min length of the password recovery question answer. Default: 4
questionRecovery String
Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
recoveryEmailToken Number
Lifetime in minutes of the recovery email token. Default: 60
skipUnlock Boolean
When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
smsRecovery String
Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
status String
Policy Status: ACTIVE or INACTIVE. Default: ACTIVE

Import

$ pulumi import okta:policy/password:Password example <policy_id>
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
Okta pulumi/pulumi-okta
License
Apache-2.0
Notes
This Pulumi package is based on the okta Terraform Provider.