Creating Password Policies
You can configure the password policy for passwords and client secrets in UAA for parameters such as length, accepted or required character types, expiration times, and reset policy.
About this task
When you create an instance of UAA, an internal Identity Provider of type uaa
is automatically created with the default password policy. You can create new password policies for clients in your instance of UAA. You can create policies for both user passwords and for client secrets.
You can change the password policies at any time. Change in the password policy affects all users, including any existing users in your UAA instance.
Procedure
- In the Console view, select the Space where your services are located.
- In the Services Instances page, select the UAA instance that you need to configure.
- Select the Configure Service Instance option.
- In the UAA Dashboard login page, specify your admin client secret and click Login.
- In UAA Dashboard, select the Password Policy tab.
- Specify the following values in the Password Policy form:
Field Description Set Password Length Specifies the minimum to maximum number of characters required for a valid password. Requirements Specifies the type of characters required for a valid password. Expiration Specifies the number of months after which current password expires. Lockout Policy Specifies the amount of time (in seconds) for which the account is locked when the number of failed attempts has exceeded the set limit within the specified time.