Okta v4.15.0, Mar 7 25

Okta v4.15.0 published on Friday, Mar 7, 2025 by Pulumi

okta.policy.Password

Explore with Pulumi AI

Okta v4.15.0 published on Friday, Mar 7, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.policy.Password("example", {
    name: "example",
    status: "ACTIVE",
    description: "Example",
    passwordHistoryCount: 4,
    groupsIncludeds: [everyone.id],
});

import pulumi
import pulumi_okta as okta

example = okta.policy.Password("example",
    name="example",
    status="ACTIVE",
    description="Example",
    password_history_count=4,
    groups_includeds=[everyone["id"]])

package main

import (
	"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/policy"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := policy.NewPassword(ctx, "example", &policy.PasswordArgs{
			Name:                 pulumi.String("example"),
			Status:               pulumi.String("ACTIVE"),
			Description:          pulumi.String("Example"),
			PasswordHistoryCount: pulumi.Int(4),
			GroupsIncludeds: pulumi.StringArray{
				everyone.Id,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;

return await Deployment.RunAsync(() => 
{
    var example = new Okta.Policy.Password("example", new()
    {
        Name = "example",
        Status = "ACTIVE",
        Description = "Example",
        PasswordHistoryCount = 4,
        GroupsIncludeds = new[]
        {
            everyone.Id,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.policy.Password;
import com.pulumi.okta.policy.PasswordArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Password("example", PasswordArgs.builder()
            .name("example")
            .status("ACTIVE")
            .description("Example")
            .passwordHistoryCount(4)
            .groupsIncludeds(everyone.id())
            .build());

    }
}

resources:
  example:
    type: okta:policy:Password
    properties:
      name: example
      status: ACTIVE
      description: Example
      passwordHistoryCount: 4
      groupsIncludeds:
        - ${everyone.id}

Create Password Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Password(name: string, args?: PasswordArgs, opts?: CustomResourceOptions);

@overload
def Password(resource_name: str,
             args: Optional[PasswordArgs] = None,
             opts: Optional[ResourceOptions] = None)

@overload
def Password(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             auth_provider: Optional[str] = None,
             call_recovery: Optional[str] = None,
             description: Optional[str] = None,
             email_recovery: Optional[str] = None,
             groups_includeds: Optional[Sequence[str]] = None,
             name: Optional[str] = None,
             password_auto_unlock_minutes: Optional[int] = None,
             password_dictionary_lookup: Optional[bool] = None,
             password_exclude_first_name: Optional[bool] = None,
             password_exclude_last_name: Optional[bool] = None,
             password_exclude_username: Optional[bool] = None,
             password_expire_warn_days: Optional[int] = None,
             password_history_count: Optional[int] = None,
             password_lockout_notification_channels: Optional[Sequence[str]] = None,
             password_max_age_days: Optional[int] = None,
             password_max_lockout_attempts: Optional[int] = None,
             password_min_age_minutes: Optional[int] = None,
             password_min_length: Optional[int] = None,
             password_min_lowercase: Optional[int] = None,
             password_min_number: Optional[int] = None,
             password_min_symbol: Optional[int] = None,
             password_min_uppercase: Optional[int] = None,
             password_show_lockout_failures: Optional[bool] = None,
             priority: Optional[int] = None,
             question_min_length: Optional[int] = None,
             question_recovery: Optional[str] = None,
             recovery_email_token: Optional[int] = None,
             skip_unlock: Optional[bool] = None,
             sms_recovery: Optional[str] = None,
             status: Optional[str] = None)

func NewPassword(ctx *Context, name string, args *PasswordArgs, opts ...ResourceOption) (*Password, error)

public Password(string name, PasswordArgs? args = null, CustomResourceOptions? opts = null)

public Password(String name, PasswordArgs args)
public Password(String name, PasswordArgs args, CustomResourceOptions options)

type: okta:policy:Password
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PasswordArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PasswordArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PasswordArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PasswordArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PasswordArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var passwordResource = new Okta.Policy.Password("passwordResource", new()
{
    AuthProvider = "string",
    CallRecovery = "string",
    Description = "string",
    EmailRecovery = "string",
    GroupsIncludeds = new[]
    {
        "string",
    },
    Name = "string",
    PasswordAutoUnlockMinutes = 0,
    PasswordDictionaryLookup = false,
    PasswordExcludeFirstName = false,
    PasswordExcludeLastName = false,
    PasswordExcludeUsername = false,
    PasswordExpireWarnDays = 0,
    PasswordHistoryCount = 0,
    PasswordLockoutNotificationChannels = new[]
    {
        "string",
    },
    PasswordMaxAgeDays = 0,
    PasswordMaxLockoutAttempts = 0,
    PasswordMinAgeMinutes = 0,
    PasswordMinLength = 0,
    PasswordMinLowercase = 0,
    PasswordMinNumber = 0,
    PasswordMinSymbol = 0,
    PasswordMinUppercase = 0,
    PasswordShowLockoutFailures = false,
    Priority = 0,
    QuestionMinLength = 0,
    QuestionRecovery = "string",
    RecoveryEmailToken = 0,
    SkipUnlock = false,
    SmsRecovery = "string",
    Status = "string",
});

example, err := policy.NewPassword(ctx, "passwordResource", &policy.PasswordArgs{
	AuthProvider:  pulumi.String("string"),
	CallRecovery:  pulumi.String("string"),
	Description:   pulumi.String("string"),
	EmailRecovery: pulumi.String("string"),
	GroupsIncludeds: pulumi.StringArray{
		pulumi.String("string"),
	},
	Name:                      pulumi.String("string"),
	PasswordAutoUnlockMinutes: pulumi.Int(0),
	PasswordDictionaryLookup:  pulumi.Bool(false),
	PasswordExcludeFirstName:  pulumi.Bool(false),
	PasswordExcludeLastName:   pulumi.Bool(false),
	PasswordExcludeUsername:   pulumi.Bool(false),
	PasswordExpireWarnDays:    pulumi.Int(0),
	PasswordHistoryCount:      pulumi.Int(0),
	PasswordLockoutNotificationChannels: pulumi.StringArray{
		pulumi.String("string"),
	},
	PasswordMaxAgeDays:          pulumi.Int(0),
	PasswordMaxLockoutAttempts:  pulumi.Int(0),
	PasswordMinAgeMinutes:       pulumi.Int(0),
	PasswordMinLength:           pulumi.Int(0),
	PasswordMinLowercase:        pulumi.Int(0),
	PasswordMinNumber:           pulumi.Int(0),
	PasswordMinSymbol:           pulumi.Int(0),
	PasswordMinUppercase:        pulumi.Int(0),
	PasswordShowLockoutFailures: pulumi.Bool(false),
	Priority:                    pulumi.Int(0),
	QuestionMinLength:           pulumi.Int(0),
	QuestionRecovery:            pulumi.String("string"),
	RecoveryEmailToken:          pulumi.Int(0),
	SkipUnlock:                  pulumi.Bool(false),
	SmsRecovery:                 pulumi.String("string"),
	Status:                      pulumi.String("string"),
})

var passwordResource = new Password("passwordResource", PasswordArgs.builder()
    .authProvider("string")
    .callRecovery("string")
    .description("string")
    .emailRecovery("string")
    .groupsIncludeds("string")
    .name("string")
    .passwordAutoUnlockMinutes(0)
    .passwordDictionaryLookup(false)
    .passwordExcludeFirstName(false)
    .passwordExcludeLastName(false)
    .passwordExcludeUsername(false)
    .passwordExpireWarnDays(0)
    .passwordHistoryCount(0)
    .passwordLockoutNotificationChannels("string")
    .passwordMaxAgeDays(0)
    .passwordMaxLockoutAttempts(0)
    .passwordMinAgeMinutes(0)
    .passwordMinLength(0)
    .passwordMinLowercase(0)
    .passwordMinNumber(0)
    .passwordMinSymbol(0)
    .passwordMinUppercase(0)
    .passwordShowLockoutFailures(false)
    .priority(0)
    .questionMinLength(0)
    .questionRecovery("string")
    .recoveryEmailToken(0)
    .skipUnlock(false)
    .smsRecovery("string")
    .status("string")
    .build());

password_resource = okta.policy.Password("passwordResource",
    auth_provider="string",
    call_recovery="string",
    description="string",
    email_recovery="string",
    groups_includeds=["string"],
    name="string",
    password_auto_unlock_minutes=0,
    password_dictionary_lookup=False,
    password_exclude_first_name=False,
    password_exclude_last_name=False,
    password_exclude_username=False,
    password_expire_warn_days=0,
    password_history_count=0,
    password_lockout_notification_channels=["string"],
    password_max_age_days=0,
    password_max_lockout_attempts=0,
    password_min_age_minutes=0,
    password_min_length=0,
    password_min_lowercase=0,
    password_min_number=0,
    password_min_symbol=0,
    password_min_uppercase=0,
    password_show_lockout_failures=False,
    priority=0,
    question_min_length=0,
    question_recovery="string",
    recovery_email_token=0,
    skip_unlock=False,
    sms_recovery="string",
    status="string")

const passwordResource = new okta.policy.Password("passwordResource", {
    authProvider: "string",
    callRecovery: "string",
    description: "string",
    emailRecovery: "string",
    groupsIncludeds: ["string"],
    name: "string",
    passwordAutoUnlockMinutes: 0,
    passwordDictionaryLookup: false,
    passwordExcludeFirstName: false,
    passwordExcludeLastName: false,
    passwordExcludeUsername: false,
    passwordExpireWarnDays: 0,
    passwordHistoryCount: 0,
    passwordLockoutNotificationChannels: ["string"],
    passwordMaxAgeDays: 0,
    passwordMaxLockoutAttempts: 0,
    passwordMinAgeMinutes: 0,
    passwordMinLength: 0,
    passwordMinLowercase: 0,
    passwordMinNumber: 0,
    passwordMinSymbol: 0,
    passwordMinUppercase: 0,
    passwordShowLockoutFailures: false,
    priority: 0,
    questionMinLength: 0,
    questionRecovery: "string",
    recoveryEmailToken: 0,
    skipUnlock: false,
    smsRecovery: "string",
    status: "string",
});

type: okta:policy:Password
properties:
    authProvider: string
    callRecovery: string
    description: string
    emailRecovery: string
    groupsIncludeds:
        - string
    name: string
    passwordAutoUnlockMinutes: 0
    passwordDictionaryLookup: false
    passwordExcludeFirstName: false
    passwordExcludeLastName: false
    passwordExcludeUsername: false
    passwordExpireWarnDays: 0
    passwordHistoryCount: 0
    passwordLockoutNotificationChannels:
        - string
    passwordMaxAgeDays: 0
    passwordMaxLockoutAttempts: 0
    passwordMinAgeMinutes: 0
    passwordMinLength: 0
    passwordMinLowercase: 0
    passwordMinNumber: 0
    passwordMinSymbol: 0
    passwordMinUppercase: 0
    passwordShowLockoutFailures: false
    priority: 0
    questionMinLength: 0
    questionRecovery: string
    recoveryEmailToken: 0
    skipUnlock: false
    smsRecovery: string
    status: string

Password Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Password resource accepts the following input properties:

AuthProvider string: Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
CallRecovery string: Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
Description string: Policy Description
EmailRecovery string: Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
GroupsIncludeds List<string>: List of Group IDs to Include
Name string: Policy Name
PasswordAutoUnlockMinutes int: Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
PasswordDictionaryLookup bool: Check Passwords Against Common Password Dictionary. Default: false
PasswordExcludeFirstName bool: User firstName attribute must be excluded from the password
PasswordExcludeLastName bool: User lastName attribute must be excluded from the password
PasswordExcludeUsername bool: If the user name must be excluded from the password. Default: true
PasswordExpireWarnDays int: Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
PasswordHistoryCount int: Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
PasswordLockoutNotificationChannels List<string>: Notification channels to use to notify a user when their account has been locked.
PasswordMaxAgeDays int: Length in days a password is valid before expiry: 0 = no limit. Default: 0
PasswordMaxLockoutAttempts int: Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
PasswordMinAgeMinutes int: Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
PasswordMinLength int: Minimum password length. Default: 8
PasswordMinLowercase int: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
PasswordMinNumber int: If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
PasswordMinSymbol int: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
PasswordMinUppercase int: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
PasswordShowLockoutFailures bool: If a user should be informed when their account is locked. Default: false
Priority int: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
QuestionMinLength int: Min length of the password recovery question answer. Default: 4
QuestionRecovery string: Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
RecoveryEmailToken int: Lifetime in minutes of the recovery email token. Default: 60
SkipUnlock bool: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
SmsRecovery string: Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
Status string: Policy Status: ACTIVE or INACTIVE. Default: ACTIVE

AuthProvider string: Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
CallRecovery string: Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
Description string: Policy Description
EmailRecovery string: Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
GroupsIncludeds []string: List of Group IDs to Include
Name string: Policy Name
PasswordAutoUnlockMinutes int: Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
PasswordDictionaryLookup bool: Check Passwords Against Common Password Dictionary. Default: false
PasswordExcludeFirstName bool: User firstName attribute must be excluded from the password
PasswordExcludeLastName bool: User lastName attribute must be excluded from the password
PasswordExcludeUsername bool: If the user name must be excluded from the password. Default: true
PasswordExpireWarnDays int: Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
PasswordHistoryCount int: Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
PasswordLockoutNotificationChannels []string: Notification channels to use to notify a user when their account has been locked.
PasswordMaxAgeDays int: Length in days a password is valid before expiry: 0 = no limit. Default: 0
PasswordMaxLockoutAttempts int: Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
PasswordMinAgeMinutes int: Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
PasswordMinLength int: Minimum password length. Default: 8
PasswordMinLowercase int: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
PasswordMinNumber int: If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
PasswordMinSymbol int: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
PasswordMinUppercase int: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
PasswordShowLockoutFailures bool: If a user should be informed when their account is locked. Default: false
Priority int: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
QuestionMinLength int: Min length of the password recovery question answer. Default: 4
QuestionRecovery string: Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
RecoveryEmailToken int: Lifetime in minutes of the recovery email token. Default: 60
SkipUnlock bool: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
SmsRecovery string: Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
Status string: Policy Status: ACTIVE or INACTIVE. Default: ACTIVE

authProvider String: Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
callRecovery String: Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
description String: Policy Description
emailRecovery String: Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
groupsIncludeds List<String>: List of Group IDs to Include
name String: Policy Name
passwordAutoUnlockMinutes Integer: Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
passwordDictionaryLookup Boolean: Check Passwords Against Common Password Dictionary. Default: false
passwordExcludeFirstName Boolean: User firstName attribute must be excluded from the password
passwordExcludeLastName Boolean: User lastName attribute must be excluded from the password
passwordExcludeUsername Boolean: If the user name must be excluded from the password. Default: true
passwordExpireWarnDays Integer: Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
passwordHistoryCount Integer: Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
passwordLockoutNotificationChannels List<String>: Notification channels to use to notify a user when their account has been locked.
passwordMaxAgeDays Integer: Length in days a password is valid before expiry: 0 = no limit. Default: 0
passwordMaxLockoutAttempts Integer: Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
passwordMinAgeMinutes Integer: Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
passwordMinLength Integer: Minimum password length. Default: 8
passwordMinLowercase Integer: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
passwordMinNumber Integer: If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
passwordMinSymbol Integer: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
passwordMinUppercase Integer: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
passwordShowLockoutFailures Boolean: If a user should be informed when their account is locked. Default: false
priority Integer: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
questionMinLength Integer: Min length of the password recovery question answer. Default: 4
questionRecovery String: Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
recoveryEmailToken Integer: Lifetime in minutes of the recovery email token. Default: 60
skipUnlock Boolean: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
smsRecovery String: Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
status String: Policy Status: ACTIVE or INACTIVE. Default: ACTIVE

authProvider string: Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
callRecovery string: Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
description string: Policy Description
emailRecovery string: Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
groupsIncludeds string[]: List of Group IDs to Include
name string: Policy Name
passwordAutoUnlockMinutes number: Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
passwordDictionaryLookup boolean: Check Passwords Against Common Password Dictionary. Default: false
passwordExcludeFirstName boolean: User firstName attribute must be excluded from the password
passwordExcludeLastName boolean: User lastName attribute must be excluded from the password
passwordExcludeUsername boolean: If the user name must be excluded from the password. Default: true
passwordExpireWarnDays number: Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
passwordHistoryCount number: Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
passwordLockoutNotificationChannels string[]: Notification channels to use to notify a user when their account has been locked.
passwordMaxAgeDays number: Length in days a password is valid before expiry: 0 = no limit. Default: 0
passwordMaxLockoutAttempts number: Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
passwordMinAgeMinutes number: Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
passwordMinLength number: Minimum password length. Default: 8
passwordMinLowercase number: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
passwordMinNumber number: If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
passwordMinSymbol number: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
passwordMinUppercase number: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
passwordShowLockoutFailures boolean: If a user should be informed when their account is locked. Default: false
priority number: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
questionMinLength number: Min length of the password recovery question answer. Default: 4
questionRecovery string: Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
recoveryEmailToken number: Lifetime in minutes of the recovery email token. Default: 60
skipUnlock boolean: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
smsRecovery string: Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
status string: Policy Status: ACTIVE or INACTIVE. Default: ACTIVE

auth_provider str: Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
call_recovery str: Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
description str: Policy Description
email_recovery str: Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
groups_includeds Sequence[str]: List of Group IDs to Include
name str: Policy Name
password_auto_unlock_minutes int: Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
password_dictionary_lookup bool: Check Passwords Against Common Password Dictionary. Default: false
password_exclude_first_name bool: User firstName attribute must be excluded from the password
password_exclude_last_name bool: User lastName attribute must be excluded from the password
password_exclude_username bool: If the user name must be excluded from the password. Default: true
password_expire_warn_days int: Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
password_history_count int: Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
password_lockout_notification_channels Sequence[str]: Notification channels to use to notify a user when their account has been locked.
password_max_age_days int: Length in days a password is valid before expiry: 0 = no limit. Default: 0
password_max_lockout_attempts int: Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
password_min_age_minutes int: Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
password_min_length int: Minimum password length. Default: 8
password_min_lowercase int: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
password_min_number int: If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
password_min_symbol int: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
password_min_uppercase int: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
password_show_lockout_failures bool: If a user should be informed when their account is locked. Default: false
priority int: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
question_min_length int: Min length of the password recovery question answer. Default: 4
question_recovery str: Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
recovery_email_token int: Lifetime in minutes of the recovery email token. Default: 60
skip_unlock bool: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
sms_recovery str: Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
status str: Policy Status: ACTIVE or INACTIVE. Default: ACTIVE

authProvider String: Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
callRecovery String: Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
description String: Policy Description
emailRecovery String: Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
groupsIncludeds List<String>: List of Group IDs to Include
name String: Policy Name
passwordAutoUnlockMinutes Number: Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
passwordDictionaryLookup Boolean: Check Passwords Against Common Password Dictionary. Default: false
passwordExcludeFirstName Boolean: User firstName attribute must be excluded from the password
passwordExcludeLastName Boolean: User lastName attribute must be excluded from the password
passwordExcludeUsername Boolean: If the user name must be excluded from the password. Default: true
passwordExpireWarnDays Number: Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
passwordHistoryCount Number: Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
passwordLockoutNotificationChannels List<String>: Notification channels to use to notify a user when their account has been locked.
passwordMaxAgeDays Number: Length in days a password is valid before expiry: 0 = no limit. Default: 0
passwordMaxLockoutAttempts Number: Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
passwordMinAgeMinutes Number: Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
passwordMinLength Number: Minimum password length. Default: 8
passwordMinLowercase Number: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
passwordMinNumber Number: If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
passwordMinSymbol Number: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
passwordMinUppercase Number: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
passwordShowLockoutFailures Boolean: If a user should be informed when their account is locked. Default: false
priority Number: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
questionMinLength Number: Min length of the password recovery question answer. Default: 4
questionRecovery String: Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
recoveryEmailToken Number: Lifetime in minutes of the recovery email token. Default: 60
skipUnlock Boolean: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
smsRecovery String: Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
status String: Policy Status: ACTIVE or INACTIVE. Default: ACTIVE

Outputs

All input properties are implicitly available as output properties. Additionally, the Password resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing Password Resource

Get an existing Password resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PasswordState, opts?: CustomResourceOptions): Password

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        auth_provider: Optional[str] = None,
        call_recovery: Optional[str] = None,
        description: Optional[str] = None,
        email_recovery: Optional[str] = None,
        groups_includeds: Optional[Sequence[str]] = None,
        name: Optional[str] = None,
        password_auto_unlock_minutes: Optional[int] = None,
        password_dictionary_lookup: Optional[bool] = None,
        password_exclude_first_name: Optional[bool] = None,
        password_exclude_last_name: Optional[bool] = None,
        password_exclude_username: Optional[bool] = None,
        password_expire_warn_days: Optional[int] = None,
        password_history_count: Optional[int] = None,
        password_lockout_notification_channels: Optional[Sequence[str]] = None,
        password_max_age_days: Optional[int] = None,
        password_max_lockout_attempts: Optional[int] = None,
        password_min_age_minutes: Optional[int] = None,
        password_min_length: Optional[int] = None,
        password_min_lowercase: Optional[int] = None,
        password_min_number: Optional[int] = None,
        password_min_symbol: Optional[int] = None,
        password_min_uppercase: Optional[int] = None,
        password_show_lockout_failures: Optional[bool] = None,
        priority: Optional[int] = None,
        question_min_length: Optional[int] = None,
        question_recovery: Optional[str] = None,
        recovery_email_token: Optional[int] = None,
        skip_unlock: Optional[bool] = None,
        sms_recovery: Optional[str] = None,
        status: Optional[str] = None) -> Password

func GetPassword(ctx *Context, name string, id IDInput, state *PasswordState, opts ...ResourceOption) (*Password, error)

public static Password Get(string name, Input<string> id, PasswordState? state, CustomResourceOptions? opts = null)

public static Password get(String name, Output<String> id, PasswordState state, CustomResourceOptions options)

resources:  _:    type: okta:policy:Password    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AuthProvider string: Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
CallRecovery string: Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
Description string: Policy Description
EmailRecovery string: Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
GroupsIncludeds List<string>: List of Group IDs to Include
Name string: Policy Name
PasswordAutoUnlockMinutes int: Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
PasswordDictionaryLookup bool: Check Passwords Against Common Password Dictionary. Default: false
PasswordExcludeFirstName bool: User firstName attribute must be excluded from the password
PasswordExcludeLastName bool: User lastName attribute must be excluded from the password
PasswordExcludeUsername bool: If the user name must be excluded from the password. Default: true
PasswordExpireWarnDays int: Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
PasswordHistoryCount int: Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
PasswordLockoutNotificationChannels List<string>: Notification channels to use to notify a user when their account has been locked.
PasswordMaxAgeDays int: Length in days a password is valid before expiry: 0 = no limit. Default: 0
PasswordMaxLockoutAttempts int: Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
PasswordMinAgeMinutes int: Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
PasswordMinLength int: Minimum password length. Default: 8
PasswordMinLowercase int: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
PasswordMinNumber int: If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
PasswordMinSymbol int: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
PasswordMinUppercase int: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
PasswordShowLockoutFailures bool: If a user should be informed when their account is locked. Default: false
Priority int: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
QuestionMinLength int: Min length of the password recovery question answer. Default: 4
QuestionRecovery string: Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
RecoveryEmailToken int: Lifetime in minutes of the recovery email token. Default: 60
SkipUnlock bool: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
SmsRecovery string: Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
Status string: Policy Status: ACTIVE or INACTIVE. Default: ACTIVE

AuthProvider string: Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
CallRecovery string: Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
Description string: Policy Description
EmailRecovery string: Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
GroupsIncludeds []string: List of Group IDs to Include
Name string: Policy Name
PasswordAutoUnlockMinutes int: Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
PasswordDictionaryLookup bool: Check Passwords Against Common Password Dictionary. Default: false
PasswordExcludeFirstName bool: User firstName attribute must be excluded from the password
PasswordExcludeLastName bool: User lastName attribute must be excluded from the password
PasswordExcludeUsername bool: If the user name must be excluded from the password. Default: true
PasswordExpireWarnDays int: Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
PasswordHistoryCount int: Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
PasswordLockoutNotificationChannels []string: Notification channels to use to notify a user when their account has been locked.
PasswordMaxAgeDays int: Length in days a password is valid before expiry: 0 = no limit. Default: 0
PasswordMaxLockoutAttempts int: Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
PasswordMinAgeMinutes int: Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
PasswordMinLength int: Minimum password length. Default: 8
PasswordMinLowercase int: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
PasswordMinNumber int: If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
PasswordMinSymbol int: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
PasswordMinUppercase int: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
PasswordShowLockoutFailures bool: If a user should be informed when their account is locked. Default: false
Priority int: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
QuestionMinLength int: Min length of the password recovery question answer. Default: 4
QuestionRecovery string: Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
RecoveryEmailToken int: Lifetime in minutes of the recovery email token. Default: 60
SkipUnlock bool: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
SmsRecovery string: Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
Status string: Policy Status: ACTIVE or INACTIVE. Default: ACTIVE

authProvider String: Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
callRecovery String: Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
description String: Policy Description
emailRecovery String: Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
groupsIncludeds List<String>: List of Group IDs to Include
name String: Policy Name
passwordAutoUnlockMinutes Integer: Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
passwordDictionaryLookup Boolean: Check Passwords Against Common Password Dictionary. Default: false
passwordExcludeFirstName Boolean: User firstName attribute must be excluded from the password
passwordExcludeLastName Boolean: User lastName attribute must be excluded from the password
passwordExcludeUsername Boolean: If the user name must be excluded from the password. Default: true
passwordExpireWarnDays Integer: Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
passwordHistoryCount Integer: Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
passwordLockoutNotificationChannels List<String>: Notification channels to use to notify a user when their account has been locked.
passwordMaxAgeDays Integer: Length in days a password is valid before expiry: 0 = no limit. Default: 0
passwordMaxLockoutAttempts Integer: Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
passwordMinAgeMinutes Integer: Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
passwordMinLength Integer: Minimum password length. Default: 8
passwordMinLowercase Integer: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
passwordMinNumber Integer: If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
passwordMinSymbol Integer: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
passwordMinUppercase Integer: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
passwordShowLockoutFailures Boolean: If a user should be informed when their account is locked. Default: false
priority Integer: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
questionMinLength Integer: Min length of the password recovery question answer. Default: 4
questionRecovery String: Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
recoveryEmailToken Integer: Lifetime in minutes of the recovery email token. Default: 60
skipUnlock Boolean: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
smsRecovery String: Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
status String: Policy Status: ACTIVE or INACTIVE. Default: ACTIVE

authProvider string: Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
callRecovery string: Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
description string: Policy Description
emailRecovery string: Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
groupsIncludeds string[]: List of Group IDs to Include
name string: Policy Name
passwordAutoUnlockMinutes number: Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
passwordDictionaryLookup boolean: Check Passwords Against Common Password Dictionary. Default: false
passwordExcludeFirstName boolean: User firstName attribute must be excluded from the password
passwordExcludeLastName boolean: User lastName attribute must be excluded from the password
passwordExcludeUsername boolean: If the user name must be excluded from the password. Default: true
passwordExpireWarnDays number: Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
passwordHistoryCount number: Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
passwordLockoutNotificationChannels string[]: Notification channels to use to notify a user when their account has been locked.
passwordMaxAgeDays number: Length in days a password is valid before expiry: 0 = no limit. Default: 0
passwordMaxLockoutAttempts number: Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
passwordMinAgeMinutes number: Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
passwordMinLength number: Minimum password length. Default: 8
passwordMinLowercase number: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
passwordMinNumber number: If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
passwordMinSymbol number: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
passwordMinUppercase number: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
passwordShowLockoutFailures boolean: If a user should be informed when their account is locked. Default: false
priority number: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
questionMinLength number: Min length of the password recovery question answer. Default: 4
questionRecovery string: Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
recoveryEmailToken number: Lifetime in minutes of the recovery email token. Default: 60
skipUnlock boolean: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
smsRecovery string: Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
status string: Policy Status: ACTIVE or INACTIVE. Default: ACTIVE

auth_provider str: Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
call_recovery str: Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
description str: Policy Description
email_recovery str: Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
groups_includeds Sequence[str]: List of Group IDs to Include
name str: Policy Name
password_auto_unlock_minutes int: Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
password_dictionary_lookup bool: Check Passwords Against Common Password Dictionary. Default: false
password_exclude_first_name bool: User firstName attribute must be excluded from the password
password_exclude_last_name bool: User lastName attribute must be excluded from the password
password_exclude_username bool: If the user name must be excluded from the password. Default: true
password_expire_warn_days int: Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
password_history_count int: Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
password_lockout_notification_channels Sequence[str]: Notification channels to use to notify a user when their account has been locked.
password_max_age_days int: Length in days a password is valid before expiry: 0 = no limit. Default: 0
password_max_lockout_attempts int: Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
password_min_age_minutes int: Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
password_min_length int: Minimum password length. Default: 8
password_min_lowercase int: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
password_min_number int: If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
password_min_symbol int: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
password_min_uppercase int: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
password_show_lockout_failures bool: If a user should be informed when their account is locked. Default: false
priority int: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
question_min_length int: Min length of the password recovery question answer. Default: 4
question_recovery str: Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
recovery_email_token int: Lifetime in minutes of the recovery email token. Default: 60
skip_unlock bool: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
sms_recovery str: Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
status str: Policy Status: ACTIVE or INACTIVE. Default: ACTIVE

authProvider String: Authentication Provider: OKTA, ACTIVE_DIRECTORY or LDAP. Default: OKTA
callRecovery String: Enable or disable voice call recovery: ACTIVE or INACTIVE. Default: INACTIVE
description String: Policy Description
emailRecovery String: Enable or disable email password recovery: ACTIVE or INACTIVE. Default: ACTIVE
groupsIncludeds List<String>: List of Group IDs to Include
name String: Policy Name
passwordAutoUnlockMinutes Number: Number of minutes before a locked account is unlocked: 0 = no limit. Default: 0
passwordDictionaryLookup Boolean: Check Passwords Against Common Password Dictionary. Default: false
passwordExcludeFirstName Boolean: User firstName attribute must be excluded from the password
passwordExcludeLastName Boolean: User lastName attribute must be excluded from the password
passwordExcludeUsername Boolean: If the user name must be excluded from the password. Default: true
passwordExpireWarnDays Number: Length in days a user will be warned before password expiry: 0 = no warning. Default: 0
passwordHistoryCount Number: Number of distinct passwords that must be created before they can be reused: 0 = none. Default: 0
passwordLockoutNotificationChannels List<String>: Notification channels to use to notify a user when their account has been locked.
passwordMaxAgeDays Number: Length in days a password is valid before expiry: 0 = no limit. Default: 0
passwordMaxLockoutAttempts Number: Number of unsuccessful login attempts allowed before lockout: 0 = no limit. Default: 10
passwordMinAgeMinutes Number: Minimum time interval in minutes between password changes: 0 = no limit. Default: 0
passwordMinLength Number: Minimum password length. Default: 8
passwordMinLowercase Number: If a password must contain at least one lower case letter: 0 = no, 1 = yes. Default: 1
passwordMinNumber Number: If a password must contain at least one number: 0 = no, 1 = yes. Default: 1
passwordMinSymbol Number: If a password must contain at least one symbol (!@#$%^&*): 0 = no, 1 = yes. Default: 0
passwordMinUppercase Number: If a password must contain at least one upper case letter: 0 = no, 1 = yes. Default: 1
passwordShowLockoutFailures Boolean: If a user should be informed when their account is locked. Default: false
priority Number: Policy Priority, this attribute can be set to a valid priority. To avoid endless diff situation we error if an invalid priority is provided. API defaults it to the last (lowest) if not there.
questionMinLength Number: Min length of the password recovery question answer. Default: 4
questionRecovery String: Enable or disable security question password recovery: ACTIVE or INACTIVE. Default: ACTIVE
recoveryEmailToken Number: Lifetime in minutes of the recovery email token. Default: 60
skipUnlock Boolean: When an Active Directory user is locked out of Okta, the Okta unlock operation should also attempt to unlock the user's Windows account. Default: false
smsRecovery String: Enable or disable SMS password recovery: ACTIVE or INACTIVE. Default: INACTIVE
status String: Policy Status: ACTIVE or INACTIVE. Default: ACTIVE

Import

$ pulumi import okta:policy/password:Password example <policy_id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Okta pulumi/pulumi-okta
License: Apache-2.0
Notes: This Pulumi package is based on the okta Terraform Provider.

Okta v4.15.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-okta

okta.policy.Password

On this page

On this page

Example Usage

Create Password Resource

Constructor syntax

Parameters

Constructor example

Password Resource Properties

Inputs

Outputs

Look up Existing Password Resource

Import

Package Details

On this page

On this page