cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

passwordPolicy REST API

passwordPolicy REST API

The APIs described in this doc are designed to:

  • Create, edit, and delete a password policy
  • Set a variety of parameters to define the policy
  • Associate it with one or more sources

 

IMPORTANT: These APIs are being deprecated in favor of the IdentityNow Platform APIs. While these APIs will continue to be available for the foreseeable future, SailPoint recommends that you transition to the new versions as soon as possible. For detailed information about all new platform APIs, visit the SailPoint API Reference.

 

Working with Password Policies

This document covers the following tasks:

 

Prerequisites:

  • Sign in to the org as an administrator. Click Admin and strong authenticate.
  • Get the source ID
  • Open your preferred tool for making API calls

 

NOTE: If you're making these API calls, you'll need to use on of our supported authentication methods. As a best practice SailPoint recommends using OAuth 2. Also, the endpoint you use must be changed slightly based on the authentication method. For details, see the Authentication section of the Developer portal documentation.

 

Create a Password Policy

When you create a password policy, name is the only required parameter.

 

Complete the following steps:

1. Make the following call:

POST <org>/api/passwordPolicy/create with the required parameter name which names the password policy.

 

 

2. Provide values for any of the following optional parameters:

 

  • description - Describes the password policy
  • maxLength - The maximum length of a password
  • minAlpha - The minimum number of letters required
  • minLength - The minimum length of a password
  • minLower - The minimum number of lowercase letters
 
  • minNumber - The minimum number of numbers
  • minSpecial - The minimum number of special characters
  • minUpper - The minimum number of uppercase letters
  • useAccountAttributes - True indicates that users can use information from their account in the password
  • useIdentityAttributes - True indicates that users can use information from their identity record in the password

 

NOTES:

  • useHistory and useDictionary are not supported at this time.
  • Parameters set to zero (0) are not enforced. For example if maxLength is set to 0, a password could be as long as the user wanted.

 

You should see results similar to the image on the right.

 

3. Make note of the id.

create+pp+result.png

 

Associate a Password Policy with a Source

After you create a password policy, you must associate it with a source.

 

Complete the following steps:

Make the following call:

 

POST <org>/api/source/update/<source_ID> with the required parameter of passwordPolicy which indicates the ID of the password policy you want to use.

 

 

You should results similar to the image on the right

 

NOTE: To apply the password policy to an app you must also enable Password Management on the source in the IdentityNow user interface. Furthermore, you must set Account Source to either Specific Users or All Users from the source you've edited here.

update+src+PP+result.png
 

 

 

View a List of Password Policies

You might want to see a list of password policies defined in your system to obtain the id of a policy you want to edit.

 

Complete the following steps:

Make the following call:

 

GET //<org>/api/passwordPolicy/list

 

where <org> is the URL for the customer's IdentityNow org..

 

You should see results similar to the image on the right.

list+pps.png

 

View a Password Policy

You might want to review a specific password policy. To do that you'll need to the policy's ID.

 

Complete the following steps:

Make the following call:

 

GET <org>/api/passwordPolicy/get/<pp_ID>

 

where <org> is the URL for the customer's IdentityNow org and <pp_ID> is the ID of the password policy you want to view.

 

You should see results similar to the image on the right.

get+pp.png

 

Delete a Password Policy

To delete a password policy, you need to have the policy ID.

 

Complete the following steps:

Make the following call

 

GET <org>/api/passwordPolicy/delete/<pp_ID>

 

where <org> is the URL for the customer's IdentityNow org and <pp_ID> is the ID of the password policy you want to view.

 

You should see no response when this successful.

 

Update a Password Policy

You might need to change the requirements of a password policy. To do this, you'll need the password policy ID.

 

Complete the following steps:

1. Make the following call:

 

POST <org>/api/passwordPolicy/set/<pp_ID>

 

where <org> is the URL for the customer's IdentityNow org and <pp_ID> is the ID of the password policy you want to view.

 

2. For any or all of the optional parameters described in Create a Password Policy, provide a new value.

 

 

You should see results similar to the image on the right. The example on the right shows a change to the maxLength parameter.

update+pp+result.png
Labels (2)
Comments

is this document still relevant?

Version history
Revision #:
6 of 6
Last update:
‎Oct 29, 2022 10:42 AM
Updated by: