This documentation is for WSO2 Identity Server 5.4.0 . View documentation for the latest release.
Skip to end of metadata
Go to start of metadata

The WSO2 Identity Server (IS) allows you to define custom password policies and enforce them at the point of user creation. This topic guides you through configuring a simple custom password policy and enforcing it. You can also have a different password policy for each tenant in a multi-tenant environment. 

  1. Start the WSO2 IS server and login to the management console. 
  2. Click Resident under Identity Providers found in the Main tab of the management console
  3. Expand the Password Policies tab. 
  4. Expand the Password Patterns tab and select Enable Password Policy Feature. Update the default values and click Update

    Configuring password policies for multiple tenants

    Note: To configure this separately for different tenants in a multi-tenant environment, first login with Tenant A credentials and configure the password policy. Next, logout and login again with Tenant B credentials to configure a different policy for Tenant B.

    FieldDescriptionDefault Value
    Password Policy Min LengthThis value specifies the minimum length allowed for a password.6
    Password Policy Max LengthThis value specifies the maximum length allowed for a password.12
    Password Policy PatternThis is a Java based regular expression (regex) that defines a character sequence for the password to follow.


    For more information on the password pattern characters and the different patterns you can use, see Java Regex Pattern.

    Password Policy Error MessageThis value specifies the error message that will appear if the password policy is violated at the point of user creation.'Password pattern policy violated. Password should contain a digit[0-9], a lower case letter[a-z], an upper case letter[A-Z], one of !@#$%&* characters'

Related Links
  • No labels