API Portal 10.5 | webMethods API Portal for Administrators | Managing Users | Password Policy for API Portal Users
 
Password Policy for API Portal Users
 
Configuring password policy for API Portal Users
A password policy is a set of rules designed to enhance security by encouraging users to employ strong passwords and use them properly. This is configured through the User Management Console (UMC). The password policy compliance is checked in the following scenarios:
*New user signup: When a new user signs up, the password provided must be compliant to the password policy.
*Password update in user profile: When a user updates the password, the new password provided should be compliant with the password policy.
*New user invite from communities: When a user receives an invite from communities, a random password is generated and sent to the user. This password should be compliant to the password policy.
The following parameters can be configured in the Configuration > Password policy section under various categories in UMC. Alternatively, you can also configure this in the Configuration > All section by setting the parameters mentioned. The table lists the parameters, description and their corresponding properties.
Parameter
Description
Minimum length under Password policy > General.
Specifies the minimum length of a password.
Valid input: Integer > 0
Property:
com.aris.umc.password.length.min
Maximum length under Password policy > General.
Specifies the maximum length of a password.
Valid input: Integer > 0
Property:
com.aris.umc.password.length.max
Minimum number of lowercase letters under Password policy > General.
Specifies the minimum number of lowercase alphabets in a password.
Valid input: Integer > 0
Property:
com.aris.umc.password.characters.lowercase.min
Allow uppercase letters under Password policy > General.
Specifies whether the uppercase alphabets are allowed in a password.
Valid input: true, false
Property:
com.aris.umc.password.characters.uppercase.allowed
Minimum number of uppercase letters under Password policy > General.
Specifies the minimum number of uppercase alphabets in a password.
Valid input: Integer > 0
Property:
com.aris.umc.password.characters.uppercase.min
Allow numbers under Password policy > General.
Specifies whether numbers are allowed in a password.
Valid input: true, false
Property:
com.aris.umc.password.characters.numeric.allowed
Minimum number of numbers under Password policy > General.
Specifies the minimum number of numerals that must be contained in a password.
Valid input: Integer > 0
Property:
com.aris.umc.password.characters.numeric.min
Allow special characters under Password policy > General.
Specifies whether special characters are allowed in a password.
Valid input: true, false
Property:
com.aris.umc.password.characters.special.allowed
Minimum number of special characters under Password policy > General.
Specifies the minimum number of special characters in a password.
Valid input: Integer > 0
Property:
com.aris.umc.password.characters.special.min
Special characters under Password policy > General.
Specifies which characters are special characters.
Valid input: String
Property:
com.aris.umc.password.characters.special.set
Activate expiring passwords under Password policy > Expiring passwords.
Specifies whether passwords are set to be valid only for a specific amount of time. This is defined for a single tenant. Once the password has expired, the user is directed to a website enabling the password to be changed. Thereafter, the user is redirected to the application.
Valid input: true, false
Property:
com.aris.umc.password.expiry.active
Password lifetime under Password policy > Expiring passwords.
Specifies the period of time after which a password expires.
Valid input: Integer > 0
Property:
com.aris.umc.password.expiry.days
Force change after reset under Password policy > Advanced settings.
Specifies whether a user must change the password if it was reset (and sent through an e-mail).
Valid input: true, false
Property:
com.aris.umc.password.change.forceAfterReset
Force different password under Password policy > Advanced settings.
Specifies whether the new password must differ from the old one.
Valid input: true, false
Property:
com.aris.umc.password.change.forceDifference
Force change before first login under Password policy > Advanced settings.
Specifies whether a user must change the password upon first login.
Valid input: true, false
Property:
com.aris.umc.password.change.forceOnFirstLogin
Activate reset confirmation under Password policy > Advanced settings.
Specifies whether a user must confirm a password reset.
Valid input: true, false
Property:
com.aris.umc.password.reset.confirmation.active
Link lifetime under Password policy > Advanced settings.
Specifies the time in seconds during which a user can click the link sent by e-mail in order to confirm the password.
Valid input: Integer > 0
Property:
com.aris.umc.password.reset.confirmation.ttl