SetPassword API is not behaving as per the password policy assigned

We have created a password policy for a group, and the SetPassword API is not behaving as per the password policy that is assigned.
Are there any configurations that we can set on our policy so that all the APIs will behave as per the policy?

1 Like

Hello,
Can you supply the link to the SetPassword API you are using?
Some APIs are considered admin API such as updateUser and will not validate all changes against policies.

1 Like

Hi Erik,
Thank you for the reply.
We are using the {{url}}/api/v1/users/{{Username}} API
with this body:
{
  "credentials": {
    "password": { "value": "password" }
  }
}

This API is not behaving as per our password policy.

Yup, as @erik said, if an admin is changing the user’s password (instead of the user resetting it), password policy complexity is not enforced.

The only thing that can be enforced is password history and minimum age, using the strict parameter, as noted in our API docs:

If true, validates against minimum age and history password policy

1 Like

Hi,

Thank you for the response.
I have tried by adding the strict=true query parameter and observed the behaviour below:

Password@new1 - Success
Password@new2 - Success
Password@new3 - Success
Password@new4 - Success
Password@new4 - Error - "password: Password cannot be your current password"
Password@new3 - Success
Password@new2 - Success
Password@new1 - Success

And our password policy is as in the image below:
(screenshot of the password policy settings)

Even though the policy says ‘Enforce password history for last 4 passwords’, we can set the previous passwords successfully.

1 Like
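Since the admin password-set call enforces neither complexity nor (as observed above) the full history depth, a practical mitigation is to check the candidate password client-side before calling the API. The following is an added example for this thread, not the identity provider's code: it keeps salted hashes of the last N passwords, checks complexity and history, builds the PUT request shape shown in the thread with `strict=true` in the query string, and replays the exact sequence the poster tried to show what a 4-deep history check would reject. The policy values, the base URL and the history storage are constructed assumptions.

```python
"""Client-side pre-check of a password policy before an admin password set.

Added example for this thread (not the provider's own code). Assumes the
request shape from the thread: PUT /api/v1/users/{id} with a
credentials.password.value body and the strict=true query parameter.
Policy values below are constructed to match the thread's "last 4 passwords".
"""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass
from urllib.parse import urlencode

PBKDF2_ROUNDS = 50_000  # constructed value; tune for the deployment


@dataclass
class PasswordPolicy:
    min_length: int = 8
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_symbol: bool = True
    history_count: int = 4  # "Enforce password history for last 4 passwords"


def _digest(password: str, salt: bytes) -> bytes:
    # Store only salted PBKDF2 digests so the history never holds cleartext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class PasswordHistory:
    """Keeps the salted digests of the last history_count passwords per user."""

    def __init__(self, policy: PasswordPolicy):
        self.policy = policy
        self._entries: dict[str, list[tuple[bytes, bytes]]] = {}  # newest last

    def record(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        entries = self._entries.setdefault(username, [])
        entries.append((salt, _digest(password, salt)))
        del entries[:-self.policy.history_count]  # keep only the newest N

    def seen(self, username: str, password: str) -> bool:
        # Constant-time comparison against every retained digest.
        return any(hmac.compare_digest(_digest(password, salt), digest)
                   for salt, digest in self._entries.get(username, []))


def complexity_violations(policy: PasswordPolicy, password: str) -> list[str]:
    """Return the complexity rules the password fails (empty list = passes)."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.require_upper and not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if policy.require_lower and not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if policy.require_digit and not re.search(r"[0-9]", password):
        problems.append("no digit")
    if policy.require_symbol and not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    return problems


def check_admin_password_set(policy, history, username, new_password) -> list[str]:
    """All violations for a proposed admin password set; empty means OK to call."""
    problems = complexity_violations(policy, new_password)
    if history.seen(username, new_password):
        problems.append(f"matches one of the last {policy.history_count} passwords")
    return problems


def build_set_password_request(base_url: str, user_id: str, new_password: str,
                               strict: bool = True) -> dict:
    """Build the PUT request from the thread; strict belongs in the query string."""
    url = f"{base_url.rstrip('/')}/api/v1/users/{user_id}"
    if strict:
        url += "?" + urlencode({"strict": "true"})
    body = {"credentials": {"password": {"value": new_password}}}
    return {"method": "PUT", "url": url, "json": body}


def replay_thread_sequence(policy: PasswordPolicy) -> list[tuple[str, bool]]:
    """Replay the poster's sequence; True means the pre-check would allow it."""
    history = PasswordHistory(policy)
    sequence = ["Password@new1", "Password@new2", "Password@new3", "Password@new4",
                "Password@new4", "Password@new3", "Password@new2", "Password@new1"]
    results = []
    for pw in sequence:
        ok = not check_admin_password_set(policy, history, "demo-user", pw)
        if ok:
            history.record("demo-user", pw)  # only accepted passwords enter history
        results.append((pw, ok))
    return results


if __name__ == "__main__":
    for pw, ok in replay_thread_sequence(PasswordPolicy()):
        print(f"{pw} - {'Success' if ok else 'Rejected (history)'}")
```

With a 4-deep history the replay rejects all four reuse attempts, whereas the thread reports only the current password being rejected; running this check before the API call closes that gap regardless of what `strict=true` enforces server-side.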