create

Description

Create a password policy.

The top level –endpoint parameter must be supplied for this operation.

Usage

oci identity-domains password-policy create [OPTIONS]

Required Parameters

--name [text]

A String that is the name of the policy to display to the user. This is the only mandatory attribute for a password policy.

SCIM++ Properties: - caseExact: false - idcsSearchable: true - multiValued: false - mutability: immutable - required: true - returned: always - type: string - uniqueness: server

--schemas [complex type]

REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard “enterprise” extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: true - mutability: readWrite - required: true - returned: default - type: string - uniqueness: none This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

Optional Parameters

--allowed-chars [text]

A String value whose contents indicate a set of characters that can appear, in any sequence, in a password value

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: string - uniqueness: none

--attribute-sets [text]

A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If ‘attributes’ query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.

Accepted values are:

all, always, default, never, request
--attributes [text]

A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.

--authorization [text]

The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.

--compartment-ocid [text]

OCI Compartment Id (ocid) in which the resource lives.

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readOnly - required: false - returned: default - type: string - uniqueness: none

--configured-password-policy-rules [complex type]

List of password policy rules that have values set. This map of stringKey:stringValue pairs can be used to aid users while setting/resetting password

SCIM++ Properties: - caseExact: false - idcsCompositeKey: [key] - multiValued: true - mutability: readOnly - required: false - returned: request - type: complex - uniqueness: none

This option is a JSON list with items of type PasswordPolicyConfiguredPasswordPolicyRules. For documentation on PasswordPolicyConfiguredPasswordPolicyRules please see our API reference: https://docs.cloud.oracle.com/api/#/en/identitydomains/v1/datatypes/PasswordPolicyConfiguredPasswordPolicyRules. This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

--delete-in-progress [boolean]

A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.

SCIM++ Properties: - caseExact: false - idcsSearchable: true - multiValued: false - mutability: readOnly - required: false - returned: default - type: boolean - uniqueness: none

--description [text]

A String that describes the password policy

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: string - uniqueness: none

--dictionary-delimiter [text]

A delimiter used to separate characters in the dictionary file

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: string - uniqueness: none

--dictionary-location [text]

A Reference value that contains the URI of a dictionary of words not allowed to appear within a password value

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: string - uniqueness: none

--dictionary-word-disallowed [boolean]

Indicates whether the password can match a dictionary word

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: boolean - uniqueness: none

--disallowed-chars [text]

A String value whose contents indicate a set of characters that cannot appear, in any sequence, in a password value

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: string - uniqueness: none

--disallowed-substrings [complex type]

A String value whose contents indicate a set of substrings that cannot appear, in any sequence, in a password value

SCIM++ Properties: - caseExact: false - multiValued: true - mutability: readWrite - required: false - returned: default - type: string - uniqueness: none This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

--disallowed-user-attribute-values [complex type]

List of User attributes whose values are not allowed in the password.

Added In: 2303212224

SCIM++ Properties: - idcsSearchable: false - multiValued: true - mutability: readWrite - required: false - returned: default - type: string - uniqueness: none This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

--distinct-characters [integer]

The number of distinct characters between old password and new password

Added In: 2303212224

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--domain-ocid [text]

OCI Domain Id (ocid) in which the resource lives.

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readOnly - required: false - returned: default - type: string - uniqueness: none

--external-id [text]

An identifier for the Resource as defined by the Service Consumer. The externalId may simplify identification of the Resource between Service Consumer and Service Provider by allowing the Consumer to refer to the Resource with its own identifier, obviating the need to store a local mapping between the local identifier of the Resource and the identifier used by the Service Provider. Each Resource MAY include a non-empty externalId value. The value of the externalId attribute is always issued by the Service Consumer and can never be specified by the Service Provider. The Service Provider MUST always interpret the externalId as scoped to the Service Consumer’s tenant.

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: string - uniqueness: none

--first-name-disallowed [boolean]

Indicates a sequence of characters that match the user’s first name of given name cannot be the password. Password validation against policy will be ignored if length of first name is less than or equal to 3 characters.

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: boolean - uniqueness: none

--force-password-reset [boolean]

Indicates whether all of the users should be forced to reset their password on the next login (to comply with new password policy changes)

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: writeOnly - required: false - returned: never - type: boolean - uniqueness: none

--from-json [text]

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

--groups [complex type]

A list of groups that the password policy belongs to.

Added In: 20.1.3

SCIM++ Properties: - caseExact: false - idcsCompositeKey: [value] - idcsSearchable: true - multiValued: true - mutability: readWrite - required: false - returned: default - type: complex - uniqueness: none

This option is a JSON list with items of type PasswordPolicyGroups. For documentation on PasswordPolicyGroups please see our API reference: https://docs.cloud.oracle.com/api/#/en/identitydomains/v1/datatypes/PasswordPolicyGroups. This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

--id [text]

Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider’s entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.

SCIM++ Properties: - caseExact: false - idcsSearchable: true - multiValued: false - mutability: readOnly - required: false - returned: always - type: string - uniqueness: global

--idcs-created-by [complex type]

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

--idcs-last-modified-by [complex type]

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

--idcs-last-upgraded-in-release [text]

The release number when the resource was upgraded.

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readOnly - required: false - returned: request - type: string - uniqueness: none

--idcs-prevented-operations [text]

Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.

SCIM++ Properties: - idcsSearchable: false - multiValued: true - mutability: readOnly - required: false - returned: request - type: string - uniqueness: none

Accepted values are:

delete, replace, update
--last-name-disallowed [boolean]

Indicates a sequence of characters that match the user’s last name of given name cannot be the password. Password validation against policy will be ignored if length of last name is less than or equal to 3 characters.

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: boolean - uniqueness: none

--lockout-duration [integer]

The time period in minutes to lock out a user account when the threshold of invalid login attempts is reached. The available range is from 5 through 1440 minutes (24 hours).

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--max-incorrect-attempts [integer]

An integer that represents the maximum number of failed logins before an account is locked

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--max-length [integer]

The maximum password length (in characters). A value of 0 or no value indicates no maximum length restriction.

SCIM++ Properties: - caseExact: false - idcsSearchable: true - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--max-repeated-chars [integer]

The maximum number of repeated characters allowed in a password. A value of 0 or no value indicates no such restriction.

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--max-special-chars [integer]

The maximum number of special characters in a password. A value of 0 or no value indicates no maximum special characters restriction.

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--meta [complex type]

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

--min-alpha-numerals [integer]

The minimum number of a combination of alphabetic and numeric characters in a password. A value of 0 or no value indicates no minimum alphanumeric character restriction.

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--min-alphas [integer]

The minimum number of alphabetic characters in a password. A value of 0 or no value indicates no minimum alphas restriction.

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--min-length [integer]

The minimum password length (in characters). A value of 0 or no value indicates no minimum length restriction.

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--min-lower-case [integer]

The minimum number of lowercase alphabetic characters in a password. A value of 0 or no value indicates no minimum lowercase restriction.

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--min-numerals [integer]

The minimum number of numeric characters in a password. A value of 0 or no value indicates no minimum numeric character restriction.

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--min-password-age [integer]

Minimum time after which the user can resubmit the reset password request

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--min-special-chars [integer]

The minimum number of special characters in a password. A value of 0 or no value indicates no minimum special characters restriction.

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--min-unique-chars [integer]

The minimum number of unique characters in a password. A value of 0 or no value indicates no minimum unique characters restriction.

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--min-upper-case [integer]

The minimum number of uppercase alphabetic characters in a password. A value of 0 or no value indicates no minimum uppercase restriction.

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--num-passwords-in-history [integer]

The number of passwords that will be kept in history that may not be used as a password

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--ocid [text]

Unique OCI identifier for the SCIM Resource.

SCIM++ Properties: - caseExact: true - idcsSearchable: true - multiValued: false - mutability: immutable - required: false - returned: default - type: string - uniqueness: global

--password-expire-warning [integer]

An integer indicating the number of days before which the user should be warned about password expiry.

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--password-expires-after [integer]

The number of days after which the password expires automatically

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

--password-strength [text]

Indicates whether the password policy is configured as Simple, Standard, or Custom.

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: string - uniqueness: none

Accepted values are:

Custom, Simple, Standard
--priority [integer]

Password policy priority

Added In: 20.1.3

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - idcsMinValue: 1 - uniqueness: server

--required-chars [text]

A String value whose contents indicate a set of characters that must appear, in any sequence, in a password value

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: string - uniqueness: none

--resource-type-schema-version [text]

An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.

--starts-with-alphabet [boolean]

Indicates that the password must begin with an alphabetic character

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: boolean - uniqueness: none

--tags [complex type]

A list of tags on this resource.

SCIM++ Properties: - idcsCompositeKey: [key, value] - idcsSearchable: true - multiValued: true - mutability: readWrite - required: false - returned: request - type: complex - uniqueness: none

This option is a JSON list with items of type Tags. For documentation on tags please see our API reference: https://docs.cloud.oracle.com/api/#/en/identitydomains/v1/datatypes/Tags. This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

--tenancy-ocid [text]

OCI Tenant Id (ocid) in which the resource lives.

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readOnly - required: false - returned: default - type: string - uniqueness: none

--user-name-disallowed [boolean]

Indicates a sequence of characters that match the username cannot be the password. Password validation against policy will be ignored if length of user name is less than or equal to 3 characters.

SCIM++ Properties: - caseExact: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: boolean - uniqueness: none

Example using required parameter

Copy and paste the following example into a JSON file, replacing the example parameters with your own.

    oci identity-domains password-policy create --generate-param-json-input schemas > schemas.json

Copy the following CLI commands into a file named example.sh. Run the command by typing “bash example.sh” and replacing the example parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-like shell. You need to set up the OCI configuration and appropriate security policies before trying the examples.

    export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/identity-domains/password-policy/create.html#cmdoption-name

    oci identity-domains password-policy create --name $name --schemas file://schemas.json