Managing a Password Dictionary

A password dictionary is a list of words or characters that you can upload to your IdentityNow site. You can configure your password policies to prevent your users from setting new passwords that contain words or characters in this dictionary.

Using a password dictionary involves two high-level steps:

  1. Create and upload your password dictionary file through our API.
  2. Enable the password dictionary on one or more password policies.

Creating a Password Dictionary


1. Create a text file to hold the password dictionary.

2. If necessary, add a locale string as the first line of your password dictionary. This uses the following format:

locale:<languageCode>_<countryCode>

Where <languageCode> is the 2-letter ISO 639-1 Code for the language.

And where <countryCode> is the 2-letter ISO 3166-1 Code for the country.

You'll need to include the locale string for the language you're planning on using in your password dictionary if you're using a language other than English. If you don't add a locale string, the password dictionary will automatically use the locale string for English, shown here:

locale:en_US

Using multiple locale strings is not supported.

3. Under the locale string, add a list of words to this file. Your list must have the following characteristics:

  • It must be a .txt file.
  • Each line containing a prohibited word or character must be only a single word of any length, with no spaces or whitespace characters.
  • The file must contain no more than 2,500 lines of prohibited words.
  • It must contain at least 1 line.
  • Each line should be no more than 128 characters long.
  • All characters in this file must be UTF-8 characters.

NOTES:

  • Lines that consist of only whitespace will be ignored by SailPoint's API.
  • Lines that start with a # will be treated as comments.
  • All words in this password dictionary are case-insensitive, so adding the word "password" to your list of prohibited words will also disallow the words "PASSWORD", "Password", and "PassWord".
  • The password dictionary uses substring matching, so adding the word "spring" to your list of prohibited words will also disallow "Spring124", "345SprinG", and "8spring".

4. Upload the file containing your list of prohibited words to SailPoint's password dictionary API.

This API is documented under Update Password Dictionary.

If SailPoint's API can't process your .txt file, open the file in a different editor and save it again.

If you need to download your Password Dictionary later to make updates, you can use this API: Get Password Dictionary. Uploading a new file always overwrites the previous dictionary file.
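The file rules and matching behavior above can be checked locally before you upload. The following is an added example, not SailPoint code: the function names and sample data are hypothetical, it reads "at least 1 line" as at least one prohibited word, and its casefold-based comparison only approximates the service's case-insensitive substring matching.

```python
import re

MAX_WORDS = 2500        # "no more than 2,500 lines of prohibited words"
MAX_LINE_CHARS = 128    # "no more than 128 characters long"
LOCALE_RE = re.compile(r"locale:[A-Za-z]{2}_[A-Za-z]{2}")

def validate_dictionary(raw: bytes):
    """Check the raw bytes of a dictionary .txt file; return (locale, words, errors)."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        return None, [], [f"byte {exc.start}: not valid UTF-8"]
    locale, words, errors = "en_US", [], []   # en_US is the documented default
    for num, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue                          # whitespace-only lines and comments
        if line.startswith("locale:"):
            if num != 1:
                errors.append(f"line {num}: locale must be the first line, only one allowed")
            elif not LOCALE_RE.fullmatch(line):
                errors.append(f"line {num}: expected locale:<languageCode>_<countryCode>")
            else:
                locale = line.split(":", 1)[1]
            continue
        if any(ch.isspace() for ch in line):
            errors.append(f"line {num}: whitespace inside a word")
        elif len(line) > MAX_LINE_CHARS:
            errors.append(f"line {num}: longer than {MAX_LINE_CHARS} characters")
        else:
            words.append(line)
    if not words:
        errors.append("no prohibited words found")
    elif len(words) > MAX_WORDS:
        errors.append(f"{len(words)} words exceeds the limit of {MAX_WORDS}")
    return locale, words, errors

def blocked_by(password: str, words):
    """Dictionary entries that occur anywhere in the password, ignoring case."""
    folded = password.casefold()
    return [w for w in words if w.casefold() in folded]

# Constructed sample file contents, not real data.
SAMPLE = "locale:en_US\n# seasons\nspring\n\npassword\nbad word\n".encode("utf-8")

if __name__ == "__main__":
    locale, words, errors = validate_dictionary(SAMPLE)
    print(locale, words, errors)
    for candidate in ("345SprinG", "PassWord", "Tr0ub4dor"):
        print(candidate, "->", blocked_by(candidate, words) or "allowed")
```

Running `blocked_by` over a few candidate passwords is also a quick way to see how broadly a short entry will match before you enable the dictionary on a policy.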

Enabling a Password Dictionary in a Password Policy


You can determine which password policies should check new passwords against the list you uploaded.

1. Sign in to IdentityNow and go to the Admin interface.

2. Go to Password Mgmt > Policies.

3. Click the Edit icon beside the name of the policy you want to edit.

4. In the Password Requirements section, select the checkbox for Prevent use of dictionary words.

5. Click Save.


Last update: Oct 23, 2020 11:58 AM (revision 23 of 23)