Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Regex in Password Policy Json

Mahak_Acharya
Regular Contributor
Regular Contributor

Hi,

Can we put a regex in Password Policy Json.

Our requirement is to generate a random password during account creation. I want to understand if we can put regex or define the special characters in the JSON using which password is generated.

 

Thanks,

Mahak

16 REPLIES 16

rushikeshvartak
All-Star
All-Star
  • You can add regex in password policy and attach to security system

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Mahak_Acharya
Regular Contributor
Regular Contributor

If i associate a password policy in the security system, the application will be made available under the change password tile, which we do not want.

You can hide application from change password tile by adding dummy access query under endpoints Change Password Access Query

Where userkey = 0


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Mahak_Acharya
Regular Contributor
Regular Contributor

okay, but no way to directly add regex in JSON?

No. Directly in connection json is not supported 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Mahak_Acharya
Regular Contributor
Regular Contributor

okay, i also see that after putting the regex in Password Policy, a blacklisted word mentioned in the policy is being accepted because it allowed from Regex perspective. How can we avoid this?

 

Regards,

Mahak

Can you share configuration


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

  • It is allowed where ? During change password ?

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Yes, during change password. 

What is the scope of passwords? When I used your JSON, it showed a regex error.

rushikeshvartak_0-1724676419384.png

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Sorry, what do u mean by scope?

It works for me when trying to use the suggested password feature in Change password Tile.

Mahak_Acharya_0-1724830336670.png

 

Thanks,

Mahak

Ok Scope is Account and not user.


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Mahak_Acharya
Regular Contributor
Regular Contributor

Regex:

^[a-zA-Z0-9!@#$%^&*()_+{}:;"',<>.?/]{14,20}$

Configuration in Policy: Attached a Pic

PP.PNG

Blacklisted Word in Blacklist.txt file: Welcome1234567,pa$5w0rd12345678

External Configuration in File:

blacklistdictionaryPath.statickeywords=/saviynt_shared/saviynt/Conf/blacklist/blacklist.txt

Thanks,

Mahak

NM
Honored Contributor II
Honored Contributor II

Hi @Mahak_Acharya to check the blacklisted keyword did you hardcode the password in json if so password policy won't come into picture.

2) if you tried to generate the blacklisted keyword via regex did it print the same value in logs which is added in blacklisted txt file?

Mahak_Acharya
Regular Contributor
Regular Contributor

1) No, i am not hardcoding the password in the json. In the change pass json, we are passing the variable "${arsTasks.getPassword()}" in order to pick the password that has been suggested in the change password tile or we put in using the Type new password functionality.

2) I feed in the password using the "type New password" option. The password does not show up in logs but blacklist attribute are being evaluated per logs. Still the password is not giving an error

Thanks,

Mahak

Mahak_Acharya
Regular Contributor
Regular Contributor

Hi,

Was able to resolve this as an interim solution by adding "pa\$5w0rd12345678" in the blacklisted attributes in Password policy. Even though we are not expected to place list of words in this attribute, seems to be working this way.

 

Thanks,

mahak