okta.PolicyPasswordDefault
Explore with Pulumi AI
Configures default password policy. This resource allows you to configure default password policy.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
const _default = new okta.PolicyPasswordDefault("default", {});
import pulumi
import pulumi_okta as okta
default = okta.PolicyPasswordDefault("default")
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := okta.NewPolicyPasswordDefault(ctx, "default", nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
return await Deployment.RunAsync(() =>
{
var @default = new Okta.PolicyPasswordDefault("default");
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.PolicyPasswordDefault;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new PolicyPasswordDefault("default");
}
}
resources:
default:
type: okta:PolicyPasswordDefault
Create PolicyPasswordDefault Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyPasswordDefault(name: string, args?: PolicyPasswordDefaultArgs, opts?: CustomResourceOptions);
@overload
def PolicyPasswordDefault(resource_name: str,
args: Optional[PolicyPasswordDefaultArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyPasswordDefault(resource_name: str,
opts: Optional[ResourceOptions] = None,
call_recovery: Optional[str] = None,
email_recovery: Optional[str] = None,
password_auto_unlock_minutes: Optional[int] = None,
password_dictionary_lookup: Optional[bool] = None,
password_exclude_first_name: Optional[bool] = None,
password_exclude_last_name: Optional[bool] = None,
password_exclude_username: Optional[bool] = None,
password_expire_warn_days: Optional[int] = None,
password_history_count: Optional[int] = None,
password_lockout_notification_channels: Optional[Sequence[str]] = None,
password_max_age_days: Optional[int] = None,
password_max_lockout_attempts: Optional[int] = None,
password_min_age_minutes: Optional[int] = None,
password_min_length: Optional[int] = None,
password_min_lowercase: Optional[int] = None,
password_min_number: Optional[int] = None,
password_min_symbol: Optional[int] = None,
password_min_uppercase: Optional[int] = None,
password_show_lockout_failures: Optional[bool] = None,
question_min_length: Optional[int] = None,
question_recovery: Optional[str] = None,
recovery_email_token: Optional[int] = None,
skip_unlock: Optional[bool] = None,
sms_recovery: Optional[str] = None)
func NewPolicyPasswordDefault(ctx *Context, name string, args *PolicyPasswordDefaultArgs, opts ...ResourceOption) (*PolicyPasswordDefault, error)
public PolicyPasswordDefault(string name, PolicyPasswordDefaultArgs? args = null, CustomResourceOptions? opts = null)
public PolicyPasswordDefault(String name, PolicyPasswordDefaultArgs args)
public PolicyPasswordDefault(String name, PolicyPasswordDefaultArgs args, CustomResourceOptions options)
type: okta:PolicyPasswordDefault
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyPasswordDefaultArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyPasswordDefaultArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyPasswordDefaultArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyPasswordDefaultArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyPasswordDefaultArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policyPasswordDefaultResource = new Okta.PolicyPasswordDefault("policyPasswordDefaultResource", new()
{
CallRecovery = "string",
EmailRecovery = "string",
PasswordAutoUnlockMinutes = 0,
PasswordDictionaryLookup = false,
PasswordExcludeFirstName = false,
PasswordExcludeLastName = false,
PasswordExcludeUsername = false,
PasswordExpireWarnDays = 0,
PasswordHistoryCount = 0,
PasswordLockoutNotificationChannels = new[]
{
"string",
},
PasswordMaxAgeDays = 0,
PasswordMaxLockoutAttempts = 0,
PasswordMinAgeMinutes = 0,
PasswordMinLength = 0,
PasswordMinLowercase = 0,
PasswordMinNumber = 0,
PasswordMinSymbol = 0,
PasswordMinUppercase = 0,
PasswordShowLockoutFailures = false,
QuestionMinLength = 0,
QuestionRecovery = "string",
RecoveryEmailToken = 0,
SkipUnlock = false,
SmsRecovery = "string",
});
example, err := okta.NewPolicyPasswordDefault(ctx, "policyPasswordDefaultResource", &okta.PolicyPasswordDefaultArgs{
CallRecovery: pulumi.String("string"),
EmailRecovery: pulumi.String("string"),
PasswordAutoUnlockMinutes: pulumi.Int(0),
PasswordDictionaryLookup: pulumi.Bool(false),
PasswordExcludeFirstName: pulumi.Bool(false),
PasswordExcludeLastName: pulumi.Bool(false),
PasswordExcludeUsername: pulumi.Bool(false),
PasswordExpireWarnDays: pulumi.Int(0),
PasswordHistoryCount: pulumi.Int(0),
PasswordLockoutNotificationChannels: pulumi.StringArray{
pulumi.String("string"),
},
PasswordMaxAgeDays: pulumi.Int(0),
PasswordMaxLockoutAttempts: pulumi.Int(0),
PasswordMinAgeMinutes: pulumi.Int(0),
PasswordMinLength: pulumi.Int(0),
PasswordMinLowercase: pulumi.Int(0),
PasswordMinNumber: pulumi.Int(0),
PasswordMinSymbol: pulumi.Int(0),
PasswordMinUppercase: pulumi.Int(0),
PasswordShowLockoutFailures: pulumi.Bool(false),
QuestionMinLength: pulumi.Int(0),
QuestionRecovery: pulumi.String("string"),
RecoveryEmailToken: pulumi.Int(0),
SkipUnlock: pulumi.Bool(false),
SmsRecovery: pulumi.String("string"),
})
var policyPasswordDefaultResource = new PolicyPasswordDefault("policyPasswordDefaultResource", PolicyPasswordDefaultArgs.builder()
.callRecovery("string")
.emailRecovery("string")
.passwordAutoUnlockMinutes(0)
.passwordDictionaryLookup(false)
.passwordExcludeFirstName(false)
.passwordExcludeLastName(false)
.passwordExcludeUsername(false)
.passwordExpireWarnDays(0)
.passwordHistoryCount(0)
.passwordLockoutNotificationChannels("string")
.passwordMaxAgeDays(0)
.passwordMaxLockoutAttempts(0)
.passwordMinAgeMinutes(0)
.passwordMinLength(0)
.passwordMinLowercase(0)
.passwordMinNumber(0)
.passwordMinSymbol(0)
.passwordMinUppercase(0)
.passwordShowLockoutFailures(false)
.questionMinLength(0)
.questionRecovery("string")
.recoveryEmailToken(0)
.skipUnlock(false)
.smsRecovery("string")
.build());
policy_password_default_resource = okta.PolicyPasswordDefault("policyPasswordDefaultResource",
call_recovery="string",
email_recovery="string",
password_auto_unlock_minutes=0,
password_dictionary_lookup=False,
password_exclude_first_name=False,
password_exclude_last_name=False,
password_exclude_username=False,
password_expire_warn_days=0,
password_history_count=0,
password_lockout_notification_channels=["string"],
password_max_age_days=0,
password_max_lockout_attempts=0,
password_min_age_minutes=0,
password_min_length=0,
password_min_lowercase=0,
password_min_number=0,
password_min_symbol=0,
password_min_uppercase=0,
password_show_lockout_failures=False,
question_min_length=0,
question_recovery="string",
recovery_email_token=0,
skip_unlock=False,
sms_recovery="string")
const policyPasswordDefaultResource = new okta.PolicyPasswordDefault("policyPasswordDefaultResource", {
callRecovery: "string",
emailRecovery: "string",
passwordAutoUnlockMinutes: 0,
passwordDictionaryLookup: false,
passwordExcludeFirstName: false,
passwordExcludeLastName: false,
passwordExcludeUsername: false,
passwordExpireWarnDays: 0,
passwordHistoryCount: 0,
passwordLockoutNotificationChannels: ["string"],
passwordMaxAgeDays: 0,
passwordMaxLockoutAttempts: 0,
passwordMinAgeMinutes: 0,
passwordMinLength: 0,
passwordMinLowercase: 0,
passwordMinNumber: 0,
passwordMinSymbol: 0,
passwordMinUppercase: 0,
passwordShowLockoutFailures: false,
questionMinLength: 0,
questionRecovery: "string",
recoveryEmailToken: 0,
skipUnlock: false,
smsRecovery: "string",
});
type: okta:PolicyPasswordDefault
properties:
callRecovery: string
emailRecovery: string
passwordAutoUnlockMinutes: 0
passwordDictionaryLookup: false
passwordExcludeFirstName: false
passwordExcludeLastName: false
passwordExcludeUsername: false
passwordExpireWarnDays: 0
passwordHistoryCount: 0
passwordLockoutNotificationChannels:
- string
passwordMaxAgeDays: 0
passwordMaxLockoutAttempts: 0
passwordMinAgeMinutes: 0
passwordMinLength: 0
passwordMinLowercase: 0
passwordMinNumber: 0
passwordMinSymbol: 0
passwordMinUppercase: 0
passwordShowLockoutFailures: false
questionMinLength: 0
questionRecovery: string
recoveryEmailToken: 0
skipUnlock: false
smsRecovery: string
PolicyPasswordDefault Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PolicyPasswordDefault resource accepts the following input properties:
- Call
Recovery string - Enable or disable voice call recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- Email
Recovery string - Enable or disable email password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- Password
Auto intUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- Password
Dictionary boolLookup - Check Passwords Against Common Password Dictionary. Default:
false
- Password
Exclude boolFirst Name - User firstName attribute must be excluded from the password
- Password
Exclude boolLast Name - User lastName attribute must be excluded from the password
- Password
Exclude boolUsername - If the user name must be excluded from the password. Default:
true
- Password
Expire intWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- Password
History intCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
4
- Password
Lockout List<string>Notification Channels - Notification channels to use to notify a user when their account has been locked.
- Password
Max intAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- Password
Max intLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- Password
Min intAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- Password
Min intLength - Minimum password length. Default is
8
. - Password
Min intLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
- Password
Min intNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default =
1
- Password
Min intSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default =
0
- Password
Min intUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
- Password
Show boolLockout Failures - If a user should be informed when their account is locked. Default:
false
- Question
Min intLength - Min length of the password recovery question answer. Default:
4
- Question
Recovery string - Enable or disable security question password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- Recovery
Email intToken - Lifetime in minutes of the recovery email token. Default:
60
- Skip
Unlock bool - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- Sms
Recovery string - Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- Call
Recovery string - Enable or disable voice call recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- Email
Recovery string - Enable or disable email password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- Password
Auto intUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- Password
Dictionary boolLookup - Check Passwords Against Common Password Dictionary. Default:
false
- Password
Exclude boolFirst Name - User firstName attribute must be excluded from the password
- Password
Exclude boolLast Name - User lastName attribute must be excluded from the password
- Password
Exclude boolUsername - If the user name must be excluded from the password. Default:
true
- Password
Expire intWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- Password
History intCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
4
- Password
Lockout []stringNotification Channels - Notification channels to use to notify a user when their account has been locked.
- Password
Max intAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- Password
Max intLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- Password
Min intAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- Password
Min intLength - Minimum password length. Default is
8
. - Password
Min intLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
- Password
Min intNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default =
1
- Password
Min intSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default =
0
- Password
Min intUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
- Password
Show boolLockout Failures - If a user should be informed when their account is locked. Default:
false
- Question
Min intLength - Min length of the password recovery question answer. Default:
4
- Question
Recovery string - Enable or disable security question password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- Recovery
Email intToken - Lifetime in minutes of the recovery email token. Default:
60
- Skip
Unlock bool - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- Sms
Recovery string - Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- call
Recovery String - Enable or disable voice call recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- email
Recovery String - Enable or disable email password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- password
Auto IntegerUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- password
Dictionary BooleanLookup - Check Passwords Against Common Password Dictionary. Default:
false
- password
Exclude BooleanFirst Name - User firstName attribute must be excluded from the password
- password
Exclude BooleanLast Name - User lastName attribute must be excluded from the password
- password
Exclude BooleanUsername - If the user name must be excluded from the password. Default:
true
- password
Expire IntegerWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- password
History IntegerCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
4
- password
Lockout List<String>Notification Channels - Notification channels to use to notify a user when their account has been locked.
- password
Max IntegerAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- password
Max IntegerLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- password
Min IntegerAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- password
Min IntegerLength - Minimum password length. Default is
8
. - password
Min IntegerLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
- password
Min IntegerNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default =
1
- password
Min IntegerSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default =
0
- password
Min IntegerUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
- password
Show BooleanLockout Failures - If a user should be informed when their account is locked. Default:
false
- question
Min IntegerLength - Min length of the password recovery question answer. Default:
4
- question
Recovery String - Enable or disable security question password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- recovery
Email IntegerToken - Lifetime in minutes of the recovery email token. Default:
60
- skip
Unlock Boolean - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- sms
Recovery String - Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- call
Recovery string - Enable or disable voice call recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- email
Recovery string - Enable or disable email password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- password
Auto numberUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- password
Dictionary booleanLookup - Check Passwords Against Common Password Dictionary. Default:
false
- password
Exclude booleanFirst Name - User firstName attribute must be excluded from the password
- password
Exclude booleanLast Name - User lastName attribute must be excluded from the password
- password
Exclude booleanUsername - If the user name must be excluded from the password. Default:
true
- password
Expire numberWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- password
History numberCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
4
- password
Lockout string[]Notification Channels - Notification channels to use to notify a user when their account has been locked.
- password
Max numberAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- password
Max numberLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- password
Min numberAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- password
Min numberLength - Minimum password length. Default is
8
. - password
Min numberLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
- password
Min numberNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default =
1
- password
Min numberSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default =
0
- password
Min numberUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
- password
Show booleanLockout Failures - If a user should be informed when their account is locked. Default:
false
- question
Min numberLength - Min length of the password recovery question answer. Default:
4
- question
Recovery string - Enable or disable security question password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- recovery
Email numberToken - Lifetime in minutes of the recovery email token. Default:
60
- skip
Unlock boolean - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- sms
Recovery string - Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- call_
recovery str - Enable or disable voice call recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- email_
recovery str - Enable or disable email password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- password_
auto_ intunlock_ minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- password_
dictionary_ boollookup - Check Passwords Against Common Password Dictionary. Default:
false
- password_
exclude_ boolfirst_ name - User firstName attribute must be excluded from the password
- password_
exclude_ boollast_ name - User lastName attribute must be excluded from the password
- password_
exclude_ boolusername - If the user name must be excluded from the password. Default:
true
- password_
expire_ intwarn_ days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- password_
history_ intcount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
4
- password_
lockout_ Sequence[str]notification_ channels - Notification channels to use to notify a user when their account has been locked.
- password_
max_ intage_ days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- password_
max_ intlockout_ attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- password_
min_ intage_ minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- password_
min_ intlength - Minimum password length. Default is
8
. - password_
min_ intlowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
- password_
min_ intnumber - If a password must contain at least one number: 0 = no, 1 = yes. Default =
1
- password_
min_ intsymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default =
0
- password_
min_ intuppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
- password_
show_ boollockout_ failures - If a user should be informed when their account is locked. Default:
false
- question_
min_ intlength - Min length of the password recovery question answer. Default:
4
- question_
recovery str - Enable or disable security question password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- recovery_
email_ inttoken - Lifetime in minutes of the recovery email token. Default:
60
- skip_
unlock bool - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- sms_
recovery str - Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- call
Recovery String - Enable or disable voice call recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- email
Recovery String - Enable or disable email password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- password
Auto NumberUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- password
Dictionary BooleanLookup - Check Passwords Against Common Password Dictionary. Default:
false
- password
Exclude BooleanFirst Name - User firstName attribute must be excluded from the password
- password
Exclude BooleanLast Name - User lastName attribute must be excluded from the password
- password
Exclude BooleanUsername - If the user name must be excluded from the password. Default:
true
- password
Expire NumberWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- password
History NumberCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
4
- password
Lockout List<String>Notification Channels - Notification channels to use to notify a user when their account has been locked.
- password
Max NumberAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- password
Max NumberLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- password
Min NumberAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- password
Min NumberLength - Minimum password length. Default is
8
. - password
Min NumberLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
- password
Min NumberNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default =
1
- password
Min NumberSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default =
0
- password
Min NumberUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
- password
Show BooleanLockout Failures - If a user should be informed when their account is locked. Default:
false
- question
Min NumberLength - Min length of the password recovery question answer. Default:
4
- question
Recovery String - Enable or disable security question password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- recovery
Email NumberToken - Lifetime in minutes of the recovery email token. Default:
60
- skip
Unlock Boolean - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- sms
Recovery String - Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default:
INACTIVE
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyPasswordDefault resource produces the following output properties:
- Default
Auth stringProvider - Default Authentication Provider
- Default
Included stringGroup Id - Default group ID (always included)
- Description string
- Default policy description
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Default policy name
- Priority int
- Default policy priority
- Status string
- Default policy status
- Default
Auth stringProvider - Default Authentication Provider
- Default
Included stringGroup Id - Default group ID (always included)
- Description string
- Default policy description
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Default policy name
- Priority int
- Default policy priority
- Status string
- Default policy status
- default
Auth StringProvider - Default Authentication Provider
- default
Included StringGroup Id - Default group ID (always included)
- description String
- Default policy description
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Default policy name
- priority Integer
- Default policy priority
- status String
- Default policy status
- default
Auth stringProvider - Default Authentication Provider
- default
Included stringGroup Id - Default group ID (always included)
- description string
- Default policy description
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- Default policy name
- priority number
- Default policy priority
- status string
- Default policy status
- default_
auth_ strprovider - Default Authentication Provider
- default_
included_ strgroup_ id - Default group ID (always included)
- description str
- Default policy description
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- Default policy name
- priority int
- Default policy priority
- status str
- Default policy status
- default
Auth StringProvider - Default Authentication Provider
- default
Included StringGroup Id - Default group ID (always included)
- description String
- Default policy description
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Default policy name
- priority Number
- Default policy priority
- status String
- Default policy status
Look up Existing PolicyPasswordDefault Resource
Get an existing PolicyPasswordDefault resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyPasswordDefaultState, opts?: CustomResourceOptions): PolicyPasswordDefault
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
call_recovery: Optional[str] = None,
default_auth_provider: Optional[str] = None,
default_included_group_id: Optional[str] = None,
description: Optional[str] = None,
email_recovery: Optional[str] = None,
name: Optional[str] = None,
password_auto_unlock_minutes: Optional[int] = None,
password_dictionary_lookup: Optional[bool] = None,
password_exclude_first_name: Optional[bool] = None,
password_exclude_last_name: Optional[bool] = None,
password_exclude_username: Optional[bool] = None,
password_expire_warn_days: Optional[int] = None,
password_history_count: Optional[int] = None,
password_lockout_notification_channels: Optional[Sequence[str]] = None,
password_max_age_days: Optional[int] = None,
password_max_lockout_attempts: Optional[int] = None,
password_min_age_minutes: Optional[int] = None,
password_min_length: Optional[int] = None,
password_min_lowercase: Optional[int] = None,
password_min_number: Optional[int] = None,
password_min_symbol: Optional[int] = None,
password_min_uppercase: Optional[int] = None,
password_show_lockout_failures: Optional[bool] = None,
priority: Optional[int] = None,
question_min_length: Optional[int] = None,
question_recovery: Optional[str] = None,
recovery_email_token: Optional[int] = None,
skip_unlock: Optional[bool] = None,
sms_recovery: Optional[str] = None,
status: Optional[str] = None) -> PolicyPasswordDefault
func GetPolicyPasswordDefault(ctx *Context, name string, id IDInput, state *PolicyPasswordDefaultState, opts ...ResourceOption) (*PolicyPasswordDefault, error)
public static PolicyPasswordDefault Get(string name, Input<string> id, PolicyPasswordDefaultState? state, CustomResourceOptions? opts = null)
public static PolicyPasswordDefault get(String name, Output<String> id, PolicyPasswordDefaultState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Call
Recovery string - Enable or disable voice call recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- Default
Auth stringProvider - Default Authentication Provider
- Default
Included stringGroup Id - Default group ID (always included)
- Description string
- Default policy description
- Email
Recovery string - Enable or disable email password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- Name string
- Default policy name
- Password
Auto intUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- Password
Dictionary boolLookup - Check Passwords Against Common Password Dictionary. Default:
false
- Password
Exclude boolFirst Name - User firstName attribute must be excluded from the password
- Password
Exclude boolLast Name - User lastName attribute must be excluded from the password
- Password
Exclude boolUsername - If the user name must be excluded from the password. Default:
true
- Password
Expire intWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- Password
History intCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
4
- Password
Lockout List<string>Notification Channels - Notification channels to use to notify a user when their account has been locked.
- Password
Max intAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- Password
Max intLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- Password
Min intAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- Password
Min intLength - Minimum password length. Default is
8
. - Password
Min intLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
- Password
Min intNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default =
1
- Password
Min intSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default =
0
- Password
Min intUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
- Password
Show boolLockout Failures - If a user should be informed when their account is locked. Default:
false
- Priority int
- Default policy priority
- Question
Min intLength - Min length of the password recovery question answer. Default:
4
- Question
Recovery string - Enable or disable security question password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- Recovery
Email intToken - Lifetime in minutes of the recovery email token. Default:
60
- Skip
Unlock bool - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- Sms
Recovery string - Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- Status string
- Default policy status
- Call
Recovery string - Enable or disable voice call recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- Default
Auth stringProvider - Default Authentication Provider
- Default
Included stringGroup Id - Default group ID (always included)
- Description string
- Default policy description
- Email
Recovery string - Enable or disable email password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- Name string
- Default policy name
- Password
Auto intUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- Password
Dictionary boolLookup - Check Passwords Against Common Password Dictionary. Default:
false
- Password
Exclude boolFirst Name - User firstName attribute must be excluded from the password
- Password
Exclude boolLast Name - User lastName attribute must be excluded from the password
- Password
Exclude boolUsername - If the user name must be excluded from the password. Default:
true
- Password
Expire intWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- Password
History intCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
4
- Password
Lockout []stringNotification Channels - Notification channels to use to notify a user when their account has been locked.
- Password
Max intAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- Password
Max intLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- Password
Min intAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- Password
Min intLength - Minimum password length. Default is
8
. - Password
Min intLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
- Password
Min intNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default =
1
- Password
Min intSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default =
0
- Password
Min intUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
- Password
Show boolLockout Failures - If a user should be informed when their account is locked. Default:
false
- Priority int
- Default policy priority
- Question
Min intLength - Min length of the password recovery question answer. Default:
4
- Question
Recovery string - Enable or disable security question password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- Recovery
Email intToken - Lifetime in minutes of the recovery email token. Default:
60
- Skip
Unlock bool - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- Sms
Recovery string - Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- Status string
- Default policy status
- call
Recovery String - Enable or disable voice call recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- default
Auth StringProvider - Default Authentication Provider
- default
Included StringGroup Id - Default group ID (always included)
- description String
- Default policy description
- email
Recovery String - Enable or disable email password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- name String
- Default policy name
- password
Auto IntegerUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- password
Dictionary BooleanLookup - Check Passwords Against Common Password Dictionary. Default:
false
- password
Exclude BooleanFirst Name - User firstName attribute must be excluded from the password
- password
Exclude BooleanLast Name - User lastName attribute must be excluded from the password
- password
Exclude BooleanUsername - If the user name must be excluded from the password. Default:
true
- password
Expire IntegerWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- password
History IntegerCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
4
- password
Lockout List<String>Notification Channels - Notification channels to use to notify a user when their account has been locked.
- password
Max IntegerAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- password
Max IntegerLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- password
Min IntegerAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- password
Min IntegerLength - Minimum password length. Default is
8
. - password
Min IntegerLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
- password
Min IntegerNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default =
1
- password
Min IntegerSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default =
0
- password
Min IntegerUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
- password
Show BooleanLockout Failures - If a user should be informed when their account is locked. Default:
false
- priority Integer
- Default policy priority
- question
Min IntegerLength - Min length of the password recovery question answer. Default:
4
- question
Recovery String - Enable or disable security question password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- recovery
Email IntegerToken - Lifetime in minutes of the recovery email token. Default:
60
- skip
Unlock Boolean - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- sms
Recovery String - Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- status String
- Default policy status
- call
Recovery string - Enable or disable voice call recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- default
Auth stringProvider - Default Authentication Provider
- default
Included stringGroup Id - Default group ID (always included)
- description string
- Default policy description
- email
Recovery string - Enable or disable email password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- name string
- Default policy name
- password
Auto numberUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- password
Dictionary booleanLookup - Check Passwords Against Common Password Dictionary. Default:
false
- password
Exclude booleanFirst Name - User firstName attribute must be excluded from the password
- password
Exclude booleanLast Name - User lastName attribute must be excluded from the password
- password
Exclude booleanUsername - If the user name must be excluded from the password. Default:
true
- password
Expire numberWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- password
History numberCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
4
- password
Lockout string[]Notification Channels - Notification channels to use to notify a user when their account has been locked.
- password
Max numberAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- password
Max numberLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- password
Min numberAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- password
Min numberLength - Minimum password length. Default is
8
. - password
Min numberLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
- password
Min numberNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default =
1
- password
Min numberSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default =
0
- password
Min numberUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
- password
Show booleanLockout Failures - If a user should be informed when their account is locked. Default:
false
- priority number
- Default policy priority
- question
Min numberLength - Min length of the password recovery question answer. Default:
4
- question
Recovery string - Enable or disable security question password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- recovery
Email numberToken - Lifetime in minutes of the recovery email token. Default:
60
- skip
Unlock boolean - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- sms
Recovery string - Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- status string
- Default policy status
- call_
recovery str - Enable or disable voice call recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- default_
auth_ strprovider - Default Authentication Provider
- default_
included_ strgroup_ id - Default group ID (always included)
- description str
- Default policy description
- email_
recovery str - Enable or disable email password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- name str
- Default policy name
- password_
auto_ intunlock_ minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- password_
dictionary_ boollookup - Check Passwords Against Common Password Dictionary. Default:
false
- password_
exclude_ boolfirst_ name - User firstName attribute must be excluded from the password
- password_
exclude_ boollast_ name - User lastName attribute must be excluded from the password
- password_
exclude_ boolusername - If the user name must be excluded from the password. Default:
true
- password_
expire_ intwarn_ days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- password_
history_ intcount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
4
- password_
lockout_ Sequence[str]notification_ channels - Notification channels to use to notify a user when their account has been locked.
- password_
max_ intage_ days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- password_
max_ intlockout_ attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- password_
min_ intage_ minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- password_
min_ intlength - Minimum password length. Default is
8
. - password_
min_ intlowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
- password_
min_ intnumber - If a password must contain at least one number: 0 = no, 1 = yes. Default =
1
- password_
min_ intsymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default =
0
- password_
min_ intuppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
- password_
show_ boollockout_ failures - If a user should be informed when their account is locked. Default:
false
- priority int
- Default policy priority
- question_
min_ intlength - Min length of the password recovery question answer. Default:
4
- question_
recovery str - Enable or disable security question password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- recovery_
email_ inttoken - Lifetime in minutes of the recovery email token. Default:
60
- skip_
unlock bool - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- sms_
recovery str - Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- status str
- Default policy status
- call
Recovery String - Enable or disable voice call recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- default
Auth StringProvider - Default Authentication Provider
- default
Included StringGroup Id - Default group ID (always included)
- description String
- Default policy description
- email
Recovery String - Enable or disable email password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- name String
- Default policy name
- password
Auto NumberUnlock Minutes - Number of minutes before a locked account is unlocked: 0 = no limit. Default:
0
- password
Dictionary BooleanLookup - Check Passwords Against Common Password Dictionary. Default:
false
- password
Exclude BooleanFirst Name - User firstName attribute must be excluded from the password
- password
Exclude BooleanLast Name - User lastName attribute must be excluded from the password
- password
Exclude BooleanUsername - If the user name must be excluded from the password. Default:
true
- password
Expire NumberWarn Days - Length in days a user will be warned before password expiry: 0 = no warning. Default:
0
- password
History NumberCount - Number of distinct passwords that must be created before they can be reused: 0 = none. Default:
4
- password
Lockout List<String>Notification Channels - Notification channels to use to notify a user when their account has been locked.
- password
Max NumberAge Days - Length in days a password is valid before expiry: 0 = no limit. Default:
0
- password
Max NumberLockout Attempts - Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default:
10
- password
Min NumberAge Minutes - Minimum time interval in minutes between password changes: 0 = no limit. Default:
0
- password
Min NumberLength - Minimum password length. Default is
8
. - password
Min NumberLowercase - If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default = 1
- password
Min NumberNumber - If a password must contain at least one number: 0 = no, 1 = yes. Default =
1
- password
Min NumberSymbol - If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default =
0
- password
Min NumberUppercase - If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default = 1
- password
Show BooleanLockout Failures - If a user should be informed when their account is locked. Default:
false
- priority Number
- Default policy priority
- question
Min NumberLength - Min length of the password recovery question answer. Default:
4
- question
Recovery String - Enable or disable security question password recovery: ACTIVE or INACTIVE. Default:
ACTIVE
- recovery
Email NumberToken - Lifetime in minutes of the recovery email token. Default:
60
- skip
Unlock Boolean - When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default:
false
- sms
Recovery String - Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default:
INACTIVE
- status String
- Default policy status
Import
$ pulumi import okta:index/policyPasswordDefault:PolicyPasswordDefault example .
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
okta
Terraform Provider.