Managing Authentication Settings
This topic describes how to set password policy rules for local IAM users in your tenancy.
Required IAM Policy
If you're in the Administrators group, then you have the required access for managing password policy.
To view authentication policy, you must be granted inspect access on the authentication-policies resource. For example:
Allow group GroupA to inspect authentication-policies in tenancy
To modify authentication policy, you must be granted the AUTHENTICATION_POLICY_UPDATE permission. This permission is included in the manage verb. For example:
Allow group GroupA to manage authentication-policies in tenancy
Working with Password Policy Rules
A password policy that you set in the IAM service applies to all local (non-federated) users.
When a user is created or when a user changes their password, the IAM service validates the password that is provided against the password policy to ensure that it meets the criteria for the policy. When a user logs in for the first time to change the password, or resets the password at any time, the password policy is evaluated and enforced.
When Do Changes to Password Policy Rules Take Effect
Changes to password policy rules take effect immediately so that the next time any user changes their password they must create a password that meets the criteria. Existing passwords will continue to work even if they would be invalid under the new rules. Users are not forced to change existing passwords to meet the new criteria. Passwords are evaluated against the rules only at the time they are created or changed.
About the Password Policy Rules
The following table describes the rules that you can include in your password policy:
|Rule||Description||Default IAM Service Setting|
|Minimum password length||Minimum value is 8 (characters). Maximum value is 100.||
|Special characters||Require passwords to contain at least 1 special character. Special characters allowed in passwords are: Special characters not listed are not allowed.||
|Lowercase characters||Require passwords to contain at least 1 lowercase alphabetic character a-z.||Enforced|
|Uppercase characters||Require passwords to contain at least 1 uppercase alphabetic character A-Z.||Enforced|
|Numeric characters||Require passwords to contain at least 1 number 0-9.||Enforced|
Oracle recommends that you enforce all the password rules.
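One way to check a tenancy against this recommendation, as an added example that is not Oracle's code. It assumes the JSON shape and field names of the PasswordPolicy resource as returned by the API or by `oci iam authentication-policy get`, which are not shown on this page; `required_min_length` is a hypothetical parameter and the sample document is constructed.

```python
import json

# Rule flags as named in the OCI PasswordPolicy model (assumed from the API
# reference, not shown on this page), normalised to lowercase without hyphens.
RULE_FLAGS = {
    "isuppercasecharactersrequired": "uppercase characters",
    "islowercasecharactersrequired": "lowercase characters",
    "isnumericcharactersrequired": "numeric characters",
    "isspecialcharactersrequired": "special characters",
}
MIN_LEN, MAX_LEN = 8, 100  # allowed range stated on this page


def _norm(d):
    """Accept camelCase (REST) or kebab-case (CLI) keys."""
    return {k.replace("-", "").lower(): v for k, v in d.items()}


def audit_password_policy(doc, required_min_length=MIN_LEN):
    """Return a list of findings; an empty list means every rule is enforced."""
    doc = doc.get("data", doc)  # the CLI wraps the resource in "data"
    policy = _norm(_norm(doc).get("passwordpolicy") or {})
    findings = []
    length = policy.get("minimumpasswordlength")
    if not isinstance(length, int) or isinstance(length, bool):
        findings.append("minimum password length is not set")
    elif not MIN_LEN <= length <= MAX_LEN:
        findings.append(f"minimum password length {length} is outside {MIN_LEN}-{MAX_LEN}")
    elif length < required_min_length:
        findings.append(f"minimum password length {length} is below required {required_min_length}")
    for key, label in RULE_FLAGS.items():
        # Conservative choice: false, null and missing all count as not enforced.
        if policy.get(key) is not True:
            findings.append(f"{label} rule is not enforced")
    return findings


# Constructed sample, shaped like `oci iam authentication-policy get` output.
SAMPLE = json.loads("""
{"data": {"compartment-id": "ocid1.tenancy.oc1..exampleuniqueID",
  "password-policy": {"minimum-password-length": 8,
    "is-uppercase-characters-required": true,
    "is-lowercase-characters-required": true,
    "is-numeric-characters-required": false,
    "is-special-characters-required": null}}}
""")

if __name__ == "__main__":
    for finding in audit_password_policy(SAMPLE, required_min_length=12):
        print("FINDING:", finding)
```

Because existing passwords are not re-evaluated when the rules change, a clean audit result only describes passwords created or changed after the policy was last updated.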
Using the Console
- Open the navigation menu. Under Governance and Administration, go to Identity and click Authentication Settings. The authentication settings for your tenancy are displayed.
- Click Edit.
- Enter the following to set the password policy:
  - Minimum Password Length: Enter a number to define the minimum number of characters that a user's password must contain. Allowed values are 8 through 100.
  - Select the Password Rules you want to enforce:
    - Must contain at least 1 numeric character: Select the check box to require at least 1 number (0-9) in the password.
    - Must contain at least 1 special character: Select the check box to require at least 1 special character. Allowed special characters are:
    - Must contain at least 1 lowercase character: Select the check box to require at least 1 lowercase alphabetic character (a-z).
    - Must contain at least 1 uppercase character: Select the check box to require at least 1 uppercase alphabetic character (A-Z).
- Click Save.
Using the API
For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.
Use these API operations to manage password rules: