Okta v4.11.3 published on Monday, Oct 21, 2024 by Pulumi

okta.policy.Password


    Creates a Password Policy. This resource allows you to create and configure a Password Policy.

    Example Usage

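    import * as pulumi from "@pulumi/pulumi";
    import * as okta from "@pulumi/okta";
    
    // Resolve the group the policy is assigned to. The policy below references
    // `everyone`, so it has to be declared in the same program.
    const everyone = okta.group.getGroup({
        name: "Everyone",
    });
    
    // Only passwordHistoryCount is set explicitly. Every other setting falls back
    // to the defaults listed under "Inputs" (for example passwordMinLength 8,
    // passwordDictionaryLookup false, passwordMaxLockoutAttempts 10), so review
    // those defaults and set the security-relevant ones explicitly in real stacks.
    const example = new okta.policy.Password("example", {
        name: "example",
        status: "ACTIVE",
        description: "Example",
        passwordHistoryCount: 4,
        groupsIncludeds: [everyone.then(everyone => everyone.id)],
    });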
    
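    import pulumi
    import pulumi_okta as okta
    
    # Resolve the group the policy is assigned to. The policy below references
    # `everyone`, so it has to be declared in the same program.
    everyone = okta.group.get_group(name="Everyone")
    
    # Only password_history_count is set explicitly. Every other setting falls back
    # to the defaults listed under "Inputs" (for example password_min_length 8,
    # password_dictionary_lookup false, password_max_lockout_attempts 10), so review
    # those defaults and set the security-relevant ones explicitly in real stacks.
    example = okta.policy.Password("example",
        name="example",
        status="ACTIVE",
        description="Example",
        password_history_count=4,
        groups_includeds=[everyone.id])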
    
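    package main
    
    import (
    	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/group"
    	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Resolve the group the policy is assigned to. The policy below
    		// references `everyone`, so it has to be declared in the same program.
    		everyone, err := group.LookupGroup(ctx, &group.LookupGroupArgs{
    			Name: pulumi.StringRef("Everyone"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		// Only PasswordHistoryCount is set explicitly. Every other setting falls
    		// back to the defaults listed under "Inputs" (for example
    		// PasswordMinLength 8, PasswordDictionaryLookup false,
    		// PasswordMaxLockoutAttempts 10), so review those defaults and set the
    		// security-relevant ones explicitly in real stacks.
    		_, err = policy.NewPassword(ctx, "example", &policy.PasswordArgs{
    			Name:                 pulumi.String("example"),
    			Status:               pulumi.String("ACTIVE"),
    			Description:          pulumi.String("Example"),
    			PasswordHistoryCount: pulumi.Int(4),
    			GroupsIncludeds: pulumi.StringArray{
    				pulumi.String(everyone.Id),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }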
    
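    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Okta = Pulumi.Okta;
    
    return await Deployment.RunAsync(() => 
    {
        // Resolve the group the policy is assigned to. The policy below
        // references `everyone`, so it has to be declared in the same program.
        var everyone = Okta.Group.GetGroup.Invoke(new()
        {
            Name = "Everyone",
        });
    
        // Only PasswordHistoryCount is set explicitly. Every other setting falls
        // back to the defaults listed under "Inputs" (for example
        // PasswordMinLength 8, PasswordDictionaryLookup false,
        // PasswordMaxLockoutAttempts 10), so review those defaults and set the
        // security-relevant ones explicitly in real stacks.
        var example = new Okta.Policy.Password("example", new()
        {
            Name = "example",
            Status = "ACTIVE",
            Description = "Example",
            PasswordHistoryCount = 4,
            GroupsIncludeds = new[]
            {
                everyone.Apply(getGroupResult => getGroupResult.Id),
            },
        });
    
    });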
    
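    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.okta.group.GroupFunctions;
    import com.pulumi.okta.group.inputs.GetGroupArgs;
    import com.pulumi.okta.policy.Password;
    import com.pulumi.okta.policy.PasswordArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        /**
         * Declares the example password policy and assigns it to the "Everyone" group.
         *
         * Only passwordHistoryCount is set explicitly. Every other setting falls back
         * to the defaults listed under "Inputs" (for example passwordMinLength 8,
         * passwordDictionaryLookup false, passwordMaxLockoutAttempts 10), so review
         * those defaults and set the security-relevant ones explicitly in real stacks.
         */
        public static void stack(Context ctx) {
            // Resolve the group the policy is assigned to. The policy below
            // references `everyone`, so it has to be declared in the same program.
            final var everyone = GroupFunctions.getGroup(GetGroupArgs.builder()
                .name("Everyone")
                .build());
    
            var example = new Password("example", PasswordArgs.builder()
                .name("example")
                .status("ACTIVE")
                .description("Example")
                .passwordHistoryCount(4)
                .groupsIncludeds(everyone.applyValue(getGroupResult -> getGroupResult.id()))
                .build());
    
        }
    }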
    
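    resources:
      # Only passwordHistoryCount is set explicitly. Every other setting falls back
      # to the defaults listed under "Inputs" (for example passwordMinLength 8,
      # passwordDictionaryLookup false, passwordMaxLockoutAttempts 10), so review
      # those defaults and set the security-relevant ones explicitly in real stacks.
      example:
        type: okta:policy:Password
        properties:
          name: example
          status: ACTIVE
          description: Example
          passwordHistoryCount: 4
          groupsIncludeds:
            - ${everyone.id}
    variables:
      # Resolve the group the policy is assigned to; `${everyone.id}` above
      # refers to this lookup.
      everyone:
        fn::invoke:
          function: okta:group:getGroup
          arguments:
            name: Everyone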
    

    Create Password Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Password(name: string, args?: PasswordArgs, opts?: CustomResourceOptions);
    @overload
    def Password(resource_name: str,
                 args: Optional[PasswordArgs] = None,
                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def Password(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 auth_provider: Optional[str] = None,
                 call_recovery: Optional[str] = None,
                 description: Optional[str] = None,
                 email_recovery: Optional[str] = None,
                 groups_includeds: Optional[Sequence[str]] = None,
                 name: Optional[str] = None,
                 password_auto_unlock_minutes: Optional[int] = None,
                 password_dictionary_lookup: Optional[bool] = None,
                 password_exclude_first_name: Optional[bool] = None,
                 password_exclude_last_name: Optional[bool] = None,
                 password_exclude_username: Optional[bool] = None,
                 password_expire_warn_days: Optional[int] = None,
                 password_history_count: Optional[int] = None,
                 password_lockout_notification_channels: Optional[Sequence[str]] = None,
                 password_max_age_days: Optional[int] = None,
                 password_max_lockout_attempts: Optional[int] = None,
                 password_min_age_minutes: Optional[int] = None,
                 password_min_length: Optional[int] = None,
                 password_min_lowercase: Optional[int] = None,
                 password_min_number: Optional[int] = None,
                 password_min_symbol: Optional[int] = None,
                 password_min_uppercase: Optional[int] = None,
                 password_show_lockout_failures: Optional[bool] = None,
                 priority: Optional[int] = None,
                 question_min_length: Optional[int] = None,
                 question_recovery: Optional[str] = None,
                 recovery_email_token: Optional[int] = None,
                 skip_unlock: Optional[bool] = None,
                 sms_recovery: Optional[str] = None,
                 status: Optional[str] = None)
    func NewPassword(ctx *Context, name string, args *PasswordArgs, opts ...ResourceOption) (*Password, error)
    public Password(string name, PasswordArgs? args = null, CustomResourceOptions? opts = null)
    public Password(String name, PasswordArgs args)
    public Password(String name, PasswordArgs args, CustomResourceOptions options)
    
    type: okta:policy:Password
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args PasswordArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args PasswordArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args PasswordArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args PasswordArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args PasswordArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

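    The following reference example uses placeholder values for all input properties. The placeholders only show each property's type and are not recommended settings: for several integer properties, 0 means "no limit" or "none" (see Inputs below).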

    // Reference listing of every input property with a type placeholder.
    // The values are not a recommended policy: per the Inputs list, 0 for
    // PasswordMaxLockoutAttempts means no lockout limit and
    // PasswordDictionaryLookup = false skips the common-password check.
    var passwordResource = new Okta.Policy.Password("passwordResource", new()
    {
        AuthProvider = "string",
        CallRecovery = "string",
        Description = "string",
        EmailRecovery = "string",
        GroupsIncludeds = new[]
        {
            "string",
        },
        Name = "string",
        PasswordAutoUnlockMinutes = 0,
        PasswordDictionaryLookup = false,
        PasswordExcludeFirstName = false,
        PasswordExcludeLastName = false,
        PasswordExcludeUsername = false,
        PasswordExpireWarnDays = 0,
        PasswordHistoryCount = 0,
        PasswordLockoutNotificationChannels = new[]
        {
            "string",
        },
        PasswordMaxAgeDays = 0,
        PasswordMaxLockoutAttempts = 0,
        PasswordMinAgeMinutes = 0,
        PasswordMinLength = 0,
        PasswordMinLowercase = 0,
        PasswordMinNumber = 0,
        PasswordMinSymbol = 0,
        PasswordMinUppercase = 0,
        PasswordShowLockoutFailures = false,
        Priority = 0,
        QuestionMinLength = 0,
        QuestionRecovery = "string",
        RecoveryEmailToken = 0,
        SkipUnlock = false,
        SmsRecovery = "string",
        Status = "string",
    });
    
    // Reference listing of every input property with a type placeholder.
    // The values are not a recommended policy: per the Inputs list, 0 for
    // PasswordMaxLockoutAttempts means no lockout limit and
    // PasswordDictionaryLookup false skips the common-password check.
    example, err := policy.NewPassword(ctx, "passwordResource", &policy.PasswordArgs{
    	AuthProvider:  pulumi.String("string"),
    	CallRecovery:  pulumi.String("string"),
    	Description:   pulumi.String("string"),
    	EmailRecovery: pulumi.String("string"),
    	GroupsIncludeds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Name:                      pulumi.String("string"),
    	PasswordAutoUnlockMinutes: pulumi.Int(0),
    	PasswordDictionaryLookup:  pulumi.Bool(false),
    	PasswordExcludeFirstName:  pulumi.Bool(false),
    	PasswordExcludeLastName:   pulumi.Bool(false),
    	PasswordExcludeUsername:   pulumi.Bool(false),
    	PasswordExpireWarnDays:    pulumi.Int(0),
    	PasswordHistoryCount:      pulumi.Int(0),
    	PasswordLockoutNotificationChannels: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	PasswordMaxAgeDays:          pulumi.Int(0),
    	PasswordMaxLockoutAttempts:  pulumi.Int(0),
    	PasswordMinAgeMinutes:       pulumi.Int(0),
    	PasswordMinLength:           pulumi.Int(0),
    	PasswordMinLowercase:        pulumi.Int(0),
    	PasswordMinNumber:           pulumi.Int(0),
    	PasswordMinSymbol:           pulumi.Int(0),
    	PasswordMinUppercase:        pulumi.Int(0),
    	PasswordShowLockoutFailures: pulumi.Bool(false),
    	Priority:                    pulumi.Int(0),
    	QuestionMinLength:           pulumi.Int(0),
    	QuestionRecovery:            pulumi.String("string"),
    	RecoveryEmailToken:          pulumi.Int(0),
    	SkipUnlock:                  pulumi.Bool(false),
    	SmsRecovery:                 pulumi.String("string"),
    	Status:                      pulumi.String("string"),
    })
    
    // Reference listing of every input property with a type placeholder.
    // The values are not a recommended policy: per the Inputs list, 0 for
    // passwordMaxLockoutAttempts means no lockout limit and
    // passwordDictionaryLookup(false) skips the common-password check.
    var passwordResource = new Password("passwordResource", PasswordArgs.builder()
        .authProvider("string")
        .callRecovery("string")
        .description("string")
        .emailRecovery("string")
        .groupsIncludeds("string")
        .name("string")
        .passwordAutoUnlockMinutes(0)
        .passwordDictionaryLookup(false)
        .passwordExcludeFirstName(false)
        .passwordExcludeLastName(false)
        .passwordExcludeUsername(false)
        .passwordExpireWarnDays(0)
        .passwordHistoryCount(0)
        .passwordLockoutNotificationChannels("string")
        .passwordMaxAgeDays(0)
        .passwordMaxLockoutAttempts(0)
        .passwordMinAgeMinutes(0)
        .passwordMinLength(0)
        .passwordMinLowercase(0)
        .passwordMinNumber(0)
        .passwordMinSymbol(0)
        .passwordMinUppercase(0)
        .passwordShowLockoutFailures(false)
        .priority(0)
        .questionMinLength(0)
        .questionRecovery("string")
        .recoveryEmailToken(0)
        .skipUnlock(false)
        .smsRecovery("string")
        .status("string")
        .build());
    
    # Reference listing of every input property with a type placeholder.
    # The values are not a recommended policy: per the Inputs list, 0 for
    # password_max_lockout_attempts means no lockout limit and
    # password_dictionary_lookup=False skips the common-password check.
    password_resource = okta.policy.Password("passwordResource",
        auth_provider="string",
        call_recovery="string",
        description="string",
        email_recovery="string",
        groups_includeds=["string"],
        name="string",
        password_auto_unlock_minutes=0,
        password_dictionary_lookup=False,
        password_exclude_first_name=False,
        password_exclude_last_name=False,
        password_exclude_username=False,
        password_expire_warn_days=0,
        password_history_count=0,
        password_lockout_notification_channels=["string"],
        password_max_age_days=0,
        password_max_lockout_attempts=0,
        password_min_age_minutes=0,
        password_min_length=0,
        password_min_lowercase=0,
        password_min_number=0,
        password_min_symbol=0,
        password_min_uppercase=0,
        password_show_lockout_failures=False,
        priority=0,
        question_min_length=0,
        question_recovery="string",
        recovery_email_token=0,
        skip_unlock=False,
        sms_recovery="string",
        status="string")
    
    // Reference listing of every input property with a type placeholder.
    // The values are not a recommended policy: per the Inputs list, 0 for
    // passwordMaxLockoutAttempts means no lockout limit and
    // passwordDictionaryLookup: false skips the common-password check.
    const passwordResource = new okta.policy.Password("passwordResource", {
        authProvider: "string",
        callRecovery: "string",
        description: "string",
        emailRecovery: "string",
        groupsIncludeds: ["string"],
        name: "string",
        passwordAutoUnlockMinutes: 0,
        passwordDictionaryLookup: false,
        passwordExcludeFirstName: false,
        passwordExcludeLastName: false,
        passwordExcludeUsername: false,
        passwordExpireWarnDays: 0,
        passwordHistoryCount: 0,
        passwordLockoutNotificationChannels: ["string"],
        passwordMaxAgeDays: 0,
        passwordMaxLockoutAttempts: 0,
        passwordMinAgeMinutes: 0,
        passwordMinLength: 0,
        passwordMinLowercase: 0,
        passwordMinNumber: 0,
        passwordMinSymbol: 0,
        passwordMinUppercase: 0,
        passwordShowLockoutFailures: false,
        priority: 0,
        questionMinLength: 0,
        questionRecovery: "string",
        recoveryEmailToken: 0,
        skipUnlock: false,
        smsRecovery: "string",
        status: "string",
    });
    
    # Reference listing of every input property with a type placeholder.
    # The values are not a recommended policy: per the Inputs list, 0 for
    # passwordMaxLockoutAttempts means no lockout limit and
    # passwordDictionaryLookup: false skips the common-password check.
    type: okta:policy:Password
    properties:
        authProvider: string
        callRecovery: string
        description: string
        emailRecovery: string
        groupsIncludeds:
            - string
        name: string
        passwordAutoUnlockMinutes: 0
        passwordDictionaryLookup: false
        passwordExcludeFirstName: false
        passwordExcludeLastName: false
        passwordExcludeUsername: false
        passwordExpireWarnDays: 0
        passwordHistoryCount: 0
        passwordLockoutNotificationChannels:
            - string
        passwordMaxAgeDays: 0
        passwordMaxLockoutAttempts: 0
        passwordMinAgeMinutes: 0
        passwordMinLength: 0
        passwordMinLowercase: 0
        passwordMinNumber: 0
        passwordMinSymbol: 0
        passwordMinUppercase: 0
        passwordShowLockoutFailures: false
        priority: 0
        questionMinLength: 0
        questionRecovery: string
        recoveryEmailToken: 0
        skipUnlock: false
        smsRecovery: string
        status: string
    

    Password Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

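    The Password resource accepts the following input properties. Any property that is omitted takes the default stated in its description, and several of those defaults are permissive (for example, the common-password dictionary check defaults to false and symbols are not required), so set the security-relevant properties explicitly rather than relying on defaults.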

    AuthProvider string
    Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
    CallRecovery string
    Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
    Description string
    Policy Description
    EmailRecovery string
    Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    GroupsIncludeds List<string>
    List of Group IDs to Include
    Name string
    Policy Name
    PasswordAutoUnlockMinutes int
    Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
    PasswordDictionaryLookup bool
    Check Passwords Against Common Password Dictionary. Default: false
    PasswordExcludeFirstName bool
    User firstName attribute must be excluded from the password
    PasswordExcludeLastName bool
    User lastName attribute must be excluded from the password
    PasswordExcludeUsername bool
    If the user name must be excluded from the password. Default: true
    PasswordExpireWarnDays int
    Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
    PasswordHistoryCount int
    Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
    PasswordLockoutNotificationChannels List<string>
    Notification channels to use to notify a user when their account has been locked.
    PasswordMaxAgeDays int
    Length in days a password is valid before expiry: 0 = no limit. Default: 0
    PasswordMaxLockoutAttempts int
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
    PasswordMinAgeMinutes int
    Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
    PasswordMinLength int
    Minimum password length. Default: 8
    PasswordMinLowercase int
    If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
    PasswordMinNumber int
    If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
    PasswordMinSymbol int
    If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
    PasswordMinUppercase int
    If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
    PasswordShowLockoutFailures bool
    If a user should be informed when their account is locked. Default: false
    Priority int
    Policy priority. Must be set to a valid priority: to avoid an endless-diff situation, the provider returns an error if an invalid priority is provided. If omitted, the API defaults it to the last (lowest) priority.
    QuestionMinLength int
    Min length of the password recovery question answer. Default: 4
    QuestionRecovery string
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    RecoveryEmailToken int
    Lifetime in minutes of the recovery email token. Default: 60
    SkipUnlock bool
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
    SmsRecovery string
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
    Status string
    Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
    AuthProvider string
    Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
    CallRecovery string
    Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
    Description string
    Policy Description
    EmailRecovery string
    Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    GroupsIncludeds []string
    List of Group IDs to Include
    Name string
    Policy Name
    PasswordAutoUnlockMinutes int
    Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
    PasswordDictionaryLookup bool
    Check Passwords Against Common Password Dictionary. Default: false
    PasswordExcludeFirstName bool
    User firstName attribute must be excluded from the password
    PasswordExcludeLastName bool
    User lastName attribute must be excluded from the password
    PasswordExcludeUsername bool
    If the user name must be excluded from the password. Default: true
    PasswordExpireWarnDays int
    Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
    PasswordHistoryCount int
    Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
    PasswordLockoutNotificationChannels []string
    Notification channels to use to notify a user when their account has been locked.
    PasswordMaxAgeDays int
    Length in days a password is valid before expiry: 0 = no limit. Default: 0
    PasswordMaxLockoutAttempts int
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
    PasswordMinAgeMinutes int
    Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
    PasswordMinLength int
    Minimum password length. Default: 8
    PasswordMinLowercase int
    If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
    PasswordMinNumber int
    If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
    PasswordMinSymbol int
    If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
    PasswordMinUppercase int
    If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
    PasswordShowLockoutFailures bool
    If a user should be informed when their account is locked. Default: false
    Priority int
    Policy priority. Must be set to a valid priority: to avoid an endless-diff situation, the provider returns an error if an invalid priority is provided. If omitted, the API defaults it to the last (lowest) priority.
    QuestionMinLength int
    Min length of the password recovery question answer. Default: 4
    QuestionRecovery string
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    RecoveryEmailToken int
    Lifetime in minutes of the recovery email token. Default: 60
    SkipUnlock bool
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
    SmsRecovery string
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
    Status string
    Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
    authProvider String
    Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
    callRecovery String
    Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
    description String
    Policy Description
    emailRecovery String
    Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    groupsIncludeds List<String>
    List of Group IDs to Include
    name String
    Policy Name
    passwordAutoUnlockMinutes Integer
    Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
    passwordDictionaryLookup Boolean
    Check Passwords Against Common Password Dictionary. Default: false
    passwordExcludeFirstName Boolean
    User firstName attribute must be excluded from the password
    passwordExcludeLastName Boolean
    User lastName attribute must be excluded from the password
    passwordExcludeUsername Boolean
    If the user name must be excluded from the password. Default: true
    passwordExpireWarnDays Integer
    Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
    passwordHistoryCount Integer
    Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
    passwordLockoutNotificationChannels List<String>
    Notification channels to use to notify a user when their account has been locked.
    passwordMaxAgeDays Integer
    Length in days a password is valid before expiry: 0 = no limit. Default: 0
    passwordMaxLockoutAttempts Integer
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
    passwordMinAgeMinutes Integer
    Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
    passwordMinLength Integer
    Minimum password length. Default: 8
    passwordMinLowercase Integer
    If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
    passwordMinNumber Integer
    If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
    passwordMinSymbol Integer
    If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
    passwordMinUppercase Integer
    If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
    passwordShowLockoutFailures Boolean
    If a user should be informed when their account is locked. Default: false
    priority Integer
    Policy priority. Must be set to a valid priority: to avoid an endless-diff situation, the provider returns an error if an invalid priority is provided. If omitted, the API defaults it to the last (lowest) priority.
    questionMinLength Integer
    Min length of the password recovery question answer. Default: 4
    questionRecovery String
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    recoveryEmailToken Integer
    Lifetime in minutes of the recovery email token. Default: 60
    skipUnlock Boolean
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
    smsRecovery String
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
    status String
    Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
    authProvider string
    Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
    callRecovery string
    Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
    description string
    Policy Description
    emailRecovery string
    Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    groupsIncludeds string[]
    List of Group IDs to Include
    name string
    Policy Name
    passwordAutoUnlockMinutes number
    Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
    passwordDictionaryLookup boolean
    Check Passwords Against Common Password Dictionary. Default: false
    passwordExcludeFirstName boolean
    User firstName attribute must be excluded from the password
    passwordExcludeLastName boolean
    User lastName attribute must be excluded from the password
    passwordExcludeUsername boolean
    If the user name must be excluded from the password. Default: true
    passwordExpireWarnDays number
    Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
    passwordHistoryCount number
    Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
    passwordLockoutNotificationChannels string[]
    Notification channels to use to notify a user when their account has been locked.
    passwordMaxAgeDays number
    Length in days a password is valid before expiry: 0 = no limit. Default: 0
    passwordMaxLockoutAttempts number
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
    passwordMinAgeMinutes number
    Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
    passwordMinLength number
    Minimum password length. Default: 8
    passwordMinLowercase number
    If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
    passwordMinNumber number
    If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
    passwordMinSymbol number
    If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
    passwordMinUppercase number
    If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
    passwordShowLockoutFailures boolean
    If a user should be informed when their account is locked. Default: false
    priority number
    Policy priority. Must be set to a valid priority: to avoid an endless-diff situation, the provider returns an error if an invalid priority is provided. If omitted, the API defaults it to the last (lowest) priority.
    questionMinLength number
    Min length of the password recovery question answer. Default: 4
    questionRecovery string
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    recoveryEmailToken number
    Lifetime in minutes of the recovery email token. Default: 60
    skipUnlock boolean
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
    smsRecovery string
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
    status string
    Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
    auth_provider str
    Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
    call_recovery str
    Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
    description str
    Policy Description
    email_recovery str
    Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    groups_includeds Sequence[str]
    List of Group IDs to Include
    name str
    Policy Name
    password_auto_unlock_minutes int
    Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
    password_dictionary_lookup bool
    Check Passwords Against Common Password Dictionary. Default: false
    password_exclude_first_name bool
    User firstName attribute must be excluded from the password
    password_exclude_last_name bool
    User lastName attribute must be excluded from the password
    password_exclude_username bool
    If the user name must be excluded from the password. Default: true
    password_expire_warn_days int
    Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
    password_history_count int
    Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
    password_lockout_notification_channels Sequence[str]
    Notification channels to use to notify a user when their account has been locked.
    password_max_age_days int
    Length in days a password is valid before expiry: 0 = no limit. Default: 0
    password_max_lockout_attempts int
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
    password_min_age_minutes int
    Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
    password_min_length int
    Minimum password length. Default: 8
    password_min_lowercase int
    If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
    password_min_number int
    If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
    password_min_symbol int
    If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
    password_min_uppercase int
    If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
    password_show_lockout_failures bool
    If a user should be informed when their account is locked. Default: false
    priority int
    Policy priority. Must be set to a valid priority: to avoid an endless-diff situation, the provider returns an error if an invalid priority is provided. If omitted, the API defaults it to the last (lowest) priority.
    question_min_length int
    Min length of the password recovery question answer. Default: 4
    question_recovery str
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    recovery_email_token int
    Lifetime in minutes of the recovery email token. Default: 60
    skip_unlock bool
    When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
    sms_recovery str
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
    status str
    Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
    authProvider String
    Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
    callRecovery String
    Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
    description String
    Policy Description
    emailRecovery String
    Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    groupsIncludeds List<String>
    List of Group IDs to Include
    name String
    Policy Name
    passwordAutoUnlockMinutes Number
    Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
    passwordDictionaryLookup Boolean
    Check Passwords Against Common Password Dictionary. Default: false
    passwordExcludeFirstName Boolean
    User firstName attribute must be excluded from the password
    passwordExcludeLastName Boolean
    User lastName attribute must be excluded from the password
    passwordExcludeUsername Boolean
    If the user name must be excluded from the password. Default: true
    passwordExpireWarnDays Number
    Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
    passwordHistoryCount Number
    Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
    passwordLockoutNotificationChannels List<String>
    Notification channels to use to notify a user when their account has been locked.
    passwordMaxAgeDays Number
    Length in days a password is valid before expiry: 0 = no limit. Default: 0
    passwordMaxLockoutAttempts Number
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit, meaning failed attempts never trigger a lockout. Default: 10
    passwordMinAgeMinutes Number
    Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
    passwordMinLength Number
    Minimum password length. Default: 8
    passwordMinLowercase Number
    If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
    passwordMinNumber Number
    If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
    passwordMinSymbol Number
    If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
    passwordMinUppercase Number
    If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
    passwordShowLockoutFailures Boolean
    If a user should be informed when their account is locked. Default: false
    priority Number
    Policy priority. This attribute can be set to any valid priority; to avoid an endless-diff situation, the provider returns an error if an invalid priority is provided. If it is not set, the API defaults it to the last (lowest) priority.
    questionMinLength Number
    Min length of the password recovery question answer. Default: 4
    questionRecovery String
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    recoveryEmailToken Number
    Lifetime in minutes of the recovery email token. Default: 60
    skipUnlock Boolean
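    Whether, when an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false. The property name suggests that true skips the Windows-account unlock; this description does not say which value does what, so confirm the polarity against the Okta API documentation before relying on it.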
    smsRecovery String
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
    status String
    Policy Status: ACTIVE or INACTIVE. Default: ACTIVE

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Password resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Password Resource

    Get an existing Password resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: PasswordState, opts?: CustomResourceOptions): Password
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            auth_provider: Optional[str] = None,
            call_recovery: Optional[str] = None,
            description: Optional[str] = None,
            email_recovery: Optional[str] = None,
            groups_includeds: Optional[Sequence[str]] = None,
            name: Optional[str] = None,
            password_auto_unlock_minutes: Optional[int] = None,
            password_dictionary_lookup: Optional[bool] = None,
            password_exclude_first_name: Optional[bool] = None,
            password_exclude_last_name: Optional[bool] = None,
            password_exclude_username: Optional[bool] = None,
            password_expire_warn_days: Optional[int] = None,
            password_history_count: Optional[int] = None,
            password_lockout_notification_channels: Optional[Sequence[str]] = None,
            password_max_age_days: Optional[int] = None,
            password_max_lockout_attempts: Optional[int] = None,
            password_min_age_minutes: Optional[int] = None,
            password_min_length: Optional[int] = None,
            password_min_lowercase: Optional[int] = None,
            password_min_number: Optional[int] = None,
            password_min_symbol: Optional[int] = None,
            password_min_uppercase: Optional[int] = None,
            password_show_lockout_failures: Optional[bool] = None,
            priority: Optional[int] = None,
            question_min_length: Optional[int] = None,
            question_recovery: Optional[str] = None,
            recovery_email_token: Optional[int] = None,
            skip_unlock: Optional[bool] = None,
            sms_recovery: Optional[str] = None,
            status: Optional[str] = None) -> Password
    func GetPassword(ctx *Context, name string, id IDInput, state *PasswordState, opts ...ResourceOption) (*Password, error)
    public static Password Get(string name, Input<string> id, PasswordState? state, CustomResourceOptions? opts = null)
    public static Password get(String name, Output<String> id, PasswordState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AuthProvider string
    Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
    CallRecovery string
    Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
    Description string
    Policy Description
    EmailRecovery string
    Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    GroupsIncludeds List<string>
    List of Group IDs to Include
    Name string
    Policy Name
    PasswordAutoUnlockMinutes int
    Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
    PasswordDictionaryLookup bool
    Check Passwords Against Common Password Dictionary. Default: false
    PasswordExcludeFirstName bool
    User firstName attribute must be excluded from the password
    PasswordExcludeLastName bool
    User lastName attribute must be excluded from the password
    PasswordExcludeUsername bool
    If the user name must be excluded from the password. Default: true
    PasswordExpireWarnDays int
    Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
    PasswordHistoryCount int
    Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
    PasswordLockoutNotificationChannels List<string>
    Notification channels to use to notify a user when their account has been locked.
    PasswordMaxAgeDays int
    Length in days a password is valid before expiry: 0 = no limit. Default: 0
    PasswordMaxLockoutAttempts int
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit, meaning failed attempts never trigger a lockout. Default: 10
    PasswordMinAgeMinutes int
    Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
    PasswordMinLength int
    Minimum password length. Default: 8
    PasswordMinLowercase int
    If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
    PasswordMinNumber int
    If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
    PasswordMinSymbol int
    If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
    PasswordMinUppercase int
    If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
    PasswordShowLockoutFailures bool
    If a user should be informed when their account is locked. Default: false
    Priority int
    Policy priority. This attribute can be set to any valid priority; to avoid an endless-diff situation, the provider returns an error if an invalid priority is provided. If it is not set, the API defaults it to the last (lowest) priority.
    QuestionMinLength int
    Min length of the password recovery question answer. Default: 4
    QuestionRecovery string
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    RecoveryEmailToken int
    Lifetime in minutes of the recovery email token. Default: 60
    SkipUnlock bool
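    Whether, when an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false. The property name suggests that true skips the Windows-account unlock; this description does not say which value does what, so confirm the polarity against the Okta API documentation before relying on it.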
    SmsRecovery string
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
    Status string
    Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
    AuthProvider string
    Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
    CallRecovery string
    Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
    Description string
    Policy Description
    EmailRecovery string
    Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    GroupsIncludeds []string
    List of Group IDs to Include
    Name string
    Policy Name
    PasswordAutoUnlockMinutes int
    Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
    PasswordDictionaryLookup bool
    Check Passwords Against Common Password Dictionary. Default: false
    PasswordExcludeFirstName bool
    User firstName attribute must be excluded from the password
    PasswordExcludeLastName bool
    User lastName attribute must be excluded from the password
    PasswordExcludeUsername bool
    If the user name must be excluded from the password. Default: true
    PasswordExpireWarnDays int
    Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
    PasswordHistoryCount int
    Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
    PasswordLockoutNotificationChannels []string
    Notification channels to use to notify a user when their account has been locked.
    PasswordMaxAgeDays int
    Length in days a password is valid before expiry: 0 = no limit. Default: 0
    PasswordMaxLockoutAttempts int
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit, meaning failed attempts never trigger a lockout. Default: 10
    PasswordMinAgeMinutes int
    Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
    PasswordMinLength int
    Minimum password length. Default: 8
    PasswordMinLowercase int
    If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
    PasswordMinNumber int
    If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
    PasswordMinSymbol int
    If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
    PasswordMinUppercase int
    If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
    PasswordShowLockoutFailures bool
    If a user should be informed when their account is locked. Default: false
    Priority int
    Policy priority. This attribute can be set to any valid priority; to avoid an endless-diff situation, the provider returns an error if an invalid priority is provided. If it is not set, the API defaults it to the last (lowest) priority.
    QuestionMinLength int
    Min length of the password recovery question answer. Default: 4
    QuestionRecovery string
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    RecoveryEmailToken int
    Lifetime in minutes of the recovery email token. Default: 60
    SkipUnlock bool
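    Whether, when an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false. The property name suggests that true skips the Windows-account unlock; this description does not say which value does what, so confirm the polarity against the Okta API documentation before relying on it.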
    SmsRecovery string
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
    Status string
    Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
    authProvider String
    Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
    callRecovery String
    Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
    description String
    Policy Description
    emailRecovery String
    Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    groupsIncludeds List<String>
    List of Group IDs to Include
    name String
    Policy Name
    passwordAutoUnlockMinutes Integer
    Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
    passwordDictionaryLookup Boolean
    Check Passwords Against Common Password Dictionary. Default: false
    passwordExcludeFirstName Boolean
    User firstName attribute must be excluded from the password
    passwordExcludeLastName Boolean
    User lastName attribute must be excluded from the password
    passwordExcludeUsername Boolean
    If the user name must be excluded from the password. Default: true
    passwordExpireWarnDays Integer
    Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
    passwordHistoryCount Integer
    Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
    passwordLockoutNotificationChannels List<String>
    Notification channels to use to notify a user when their account has been locked.
    passwordMaxAgeDays Integer
    Length in days a password is valid before expiry: 0 = no limit. Default: 0
    passwordMaxLockoutAttempts Integer
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit, meaning failed attempts never trigger a lockout. Default: 10
    passwordMinAgeMinutes Integer
    Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
    passwordMinLength Integer
    Minimum password length. Default: 8
    passwordMinLowercase Integer
    If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
    passwordMinNumber Integer
    If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
    passwordMinSymbol Integer
    If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
    passwordMinUppercase Integer
    If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
    passwordShowLockoutFailures Boolean
    If a user should be informed when their account is locked. Default: false
    priority Integer
    Policy priority. This attribute can be set to any valid priority; to avoid an endless-diff situation, the provider returns an error if an invalid priority is provided. If it is not set, the API defaults it to the last (lowest) priority.
    questionMinLength Integer
    Min length of the password recovery question answer. Default: 4
    questionRecovery String
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    recoveryEmailToken Integer
    Lifetime in minutes of the recovery email token. Default: 60
    skipUnlock Boolean
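    Whether, when an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false. The property name suggests that true skips the Windows-account unlock; this description does not say which value does what, so confirm the polarity against the Okta API documentation before relying on it.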
    smsRecovery String
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
    status String
    Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
    authProvider string
    Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
    callRecovery string
    Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
    description string
    Policy Description
    emailRecovery string
    Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    groupsIncludeds string[]
    List of Group IDs to Include
    name string
    Policy Name
    passwordAutoUnlockMinutes number
    Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
    passwordDictionaryLookup boolean
    Check Passwords Against Common Password Dictionary. Default: false
    passwordExcludeFirstName boolean
    User firstName attribute must be excluded from the password
    passwordExcludeLastName boolean
    User lastName attribute must be excluded from the password
    passwordExcludeUsername boolean
    If the user name must be excluded from the password. Default: true
    passwordExpireWarnDays number
    Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
    passwordHistoryCount number
    Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
    passwordLockoutNotificationChannels string[]
    Notification channels to use to notify a user when their account has been locked.
    passwordMaxAgeDays number
    Length in days a password is valid before expiry: 0 = no limit. Default: 0
    passwordMaxLockoutAttempts number
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit, meaning failed attempts never trigger a lockout. Default: 10
    passwordMinAgeMinutes number
    Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
    passwordMinLength number
    Minimum password length. Default: 8
    passwordMinLowercase number
    If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
    passwordMinNumber number
    If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
    passwordMinSymbol number
    If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
    passwordMinUppercase number
    If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
    passwordShowLockoutFailures boolean
    If a user should be informed when their account is locked. Default: false
    priority number
    Policy priority. This attribute can be set to any valid priority; to avoid an endless-diff situation, the provider returns an error if an invalid priority is provided. If it is not set, the API defaults it to the last (lowest) priority.
    questionMinLength number
    Min length of the password recovery question answer. Default: 4
    questionRecovery string
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    recoveryEmailToken number
    Lifetime in minutes of the recovery email token. Default: 60
    skipUnlock boolean
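    Whether, when an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false. The property name suggests that true skips the Windows-account unlock; this description does not say which value does what, so confirm the polarity against the Okta API documentation before relying on it.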
    smsRecovery string
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
    status string
    Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
    auth_provider str
    Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
    call_recovery str
    Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
    description str
    Policy Description
    email_recovery str
    Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    groups_includeds Sequence[str]
    List of Group IDs to Include
    name str
    Policy Name
    password_auto_unlock_minutes int
    Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
    password_dictionary_lookup bool
    Check Passwords Against Common Password Dictionary. Default: false
    password_exclude_first_name bool
    User firstName attribute must be excluded from the password
    password_exclude_last_name bool
    User lastName attribute must be excluded from the password
    password_exclude_username bool
    If the user name must be excluded from the password. Default: true
    password_expire_warn_days int
    Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
    password_history_count int
    Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
    password_lockout_notification_channels Sequence[str]
    Notification channels to use to notify a user when their account has been locked.
    password_max_age_days int
    Length in days a password is valid before expiry: 0 = no limit. Default: 0
    password_max_lockout_attempts int
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit, meaning failed attempts never trigger a lockout. Default: 10
    password_min_age_minutes int
    Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
    password_min_length int
    Minimum password length. Default: 8
    password_min_lowercase int
    If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
    password_min_number int
    If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
    password_min_symbol int
    If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
    password_min_uppercase int
    If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
    password_show_lockout_failures bool
    If a user should be informed when their account is locked. Default: false
    priority int
    Policy priority. This attribute can be set to any valid priority; to avoid an endless-diff situation, the provider returns an error if an invalid priority is provided. If it is not set, the API defaults it to the last (lowest) priority.
    question_min_length int
    Min length of the password recovery question answer. Default: 4
    question_recovery str
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    recovery_email_token int
    Lifetime in minutes of the recovery email token. Default: 60
    skip_unlock bool
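    Whether, when an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false. The property name suggests that true skips the Windows-account unlock; this description does not say which value does what, so confirm the polarity against the Okta API documentation before relying on it.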
    sms_recovery str
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
    status str
    Policy Status: ACTIVE or INACTIVE. Default: ACTIVE
    authProvider String
    Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
    callRecovery String
    Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
    description String
    Policy Description
    emailRecovery String
    Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    groupsIncludeds List<String>
    List of Group IDs to Include
    name String
    Policy Name
    passwordAutoUnlockMinutes Number
    Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
    passwordDictionaryLookup Boolean
    Check Passwords Against Common Password Dictionary. Default: false
    passwordExcludeFirstName Boolean
    User firstName attribute must be excluded from the password
    passwordExcludeLastName Boolean
    User lastName attribute must be excluded from the password
    passwordExcludeUsername Boolean
    If the user name must be excluded from the password. Default: true
    passwordExpireWarnDays Number
    Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
    passwordHistoryCount Number
    Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
    passwordLockoutNotificationChannels List<String>
    Notification channels to use to notify a user when their account has been locked.
    passwordMaxAgeDays Number
    Length in days a password is valid before expiry: 0 = no limit. Default: 0
    passwordMaxLockoutAttempts Number
    Number of unsuccessful login attempts allowed before lockout: 0 = no limit, meaning failed attempts never trigger a lockout. Default: 10
    passwordMinAgeMinutes Number
    Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
    passwordMinLength Number
    Minimum password length. Default: 8
    passwordMinLowercase Number
    If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
    passwordMinNumber Number
    If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
    passwordMinSymbol Number
    If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
    passwordMinUppercase Number
    If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
    passwordShowLockoutFailures Boolean
    If a user should be informed when their account is locked. Default: false
    priority Number
    Policy priority. This attribute can be set to any valid priority; to avoid an endless-diff situation, the provider returns an error if an invalid priority is provided. If it is not set, the API defaults it to the last (lowest) priority.
    questionMinLength Number
    Min length of the password recovery question answer. Default: 4
    questionRecovery String
    Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
    recoveryEmailToken Number
    Lifetime in minutes of the recovery email token. Default: 60
    skipUnlock Boolean
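    Whether, when an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false. The property name suggests that true skips the Windows-account unlock; this description does not say which value does what, so confirm the polarity against the Okta API documentation before relying on it.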
    smsRecovery String
    Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
    status String
    Policy Status: ACTIVE or INACTIVE. Default: ACTIVE

    Import

    $ pulumi import okta:policy/password:Password example <policy_id>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Okta pulumi/pulumi-okta
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the okta Terraform Provider.
    Okta v4.11.3 published on Monday, Oct 21, 2024 by Pulumi