--- title: "Step 1: Create a password policy for the Workday population" component: pingone-api page_id: pingone-api:workflow-library:platform-sso-and-authorization/identity-propagation/create-a-workday-propagation-connection/step-1-create-a-password-policy-for-the-workday-population canonical_url: https://developer.pingidentity.com/pingone-api/workflow-library/platform-sso-and-authorization/identity-propagation/create-a-workday-propagation-connection/step-1-create-a-password-policy-for-the-workday-population.html section_ids: headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Step 1: Create a password policy for the Workday population ##   ```none POST {{apiPath}}/v1/environments/{{envID}}/passwordPolicies ``` In [Step 7: Create a Workday propagation rule](step-7-create-a-workday-inbound-propagation-rule.html), you must provide an expression that selects a population of users to synchronize from Workday. One method (the method used in this use case) selects all users that belong to a particular PingOne population, identified by its population UUID. While an existing PingOne population can be used, this use case creates the population for Step 7 in [Step 2: Create a population to synchronize with Workday](step-2-create-a-population-to-synchronize-with-workday.html). Creating a population requires a password policy to apply to users in its population. While an existing PingOne password policy can be used, this use case creates the password policy for Step 2 in this step. Use `POST {{apiPath}}/v1/environments/{{envID}}/passwordPolicies` to create a Workday password policy for the specified environment. The request body specifies values for the properties associated with the password policy. > **Collapse: Request Model** > > | Property | Type | Required? | > | ------------------------- | --------- | --------- | > | `bypassPolicy` | Boolean | Optional | > | `default` | Boolean | Required | > | `description` | String | Optional | > | `excludesCommonlyUsed` | Boolean | Required | > | `excludesProfileData` | Boolean | Required | > | `history.count` | Integer | Optional | > | `history.retentionDays` | Integer | Optional | > | `length.max` | Integer | Optional | > | `length.min` | Integer | Optional | > | `lockout.durationSeconds` | Integer | Optional | > | `lockout.failureCount` | Integer | Optional | > | `maxAgeDays` | Integer | Optional | > | `maxRepeatedCharacters` | Integer | Optional | > | `minAgeDays` | Integer | Optional | > | `minCharacters` | String\[] | Optional | > | `minComplexity` | Integer | Optional | > | `minUniqueCharacters` | Integer | Optional | > | `name` | String | Required | > | `notSimilarToCurrent` | Boolean | Required | The following password requirements property values cannot be modified, but they can be excluded from the request to turn the requirement off. | Password requirement | Fixed value | Can be excluded | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------- | --------------- | | `length.max` | 255 | Yes | | `length.min` | 8 | Yes | | `maxRepeatedCharacters` | 2 | Yes | | `minCharacters` | "abcdefghijklmnopqrstuvwxyz": 1, "ABCDEFGHIJKLMNOPQRSTUVWXYZ": 1, "0123456789": 1, "\~!@#$%^&\*()-\_=+\[]{}\|;:,.<>/?": 1 | Yes | | `minComplexity` | 7 | Yes | | `minUniqueCharacters` | 5 | Yes | The following password requirements property values can be modified, and they can be excluded from the request to turn the requirement off. | Password requirement | Default value | Can be excluded | | -------------------- | ------------- | --------------- | | `maxAgeDays` | 182 | Yes | | `minAgeDays` | 1 | Yes | The minimum value for `maxAgeDays` is `minAgeDays` + 21 (the expiration warning interval). The following password policy rules can be changed to any positive integer, and these properties can be excluded from the request to turn the requirement off. If `history` is included, both values, `count` and `retentionDays`, must be defined. Likewise, if `lockout` is included, both values, `failureCount` and `durationSeconds`, must be defined. | Password policy rule | Default value | Can be excluded | | ------------------------- | ------------- | --------------- | | `history.count` | 6 | Yes | | `history.retentionDays` | 365 | Yes | | `lockout.durationSeconds` | 900 | Yes | | `lockout.failureCount` | 5 | Yes | Password attributes with boolean values such as `default`, `excludesProfileData`, `notSimilarToCurrent`, and `excludesCommonlyUsed` are required. The rule can be turned on or off by changing the value. ### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json ### Body raw ( application/json ) ```json { "name": "Password Policy for Workday Users {{$timestamp}}", "description": "A policy specific to users in the Workday population", "excludesProfileData": true, "notSimilarToCurrent": true, "excludesCommonlyUsed": true, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": false } ``` ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/passwordPolicies' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "name": "Password Policy for Workday Users {{$timestamp}}", "description": "A policy specific to users in the Workday population", "excludesProfileData": true, "notSimilarToCurrent": true, "excludesCommonlyUsed": true, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": false }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/passwordPolicies") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""name"": ""Password Policy for Workday Users {{$timestamp}}""," + "\n" + @" ""description"": ""A policy specific to users in the Workday population""," + "\n" + @" ""excludesProfileData"": true," + "\n" + @" ""notSimilarToCurrent"": true," + "\n" + @" ""excludesCommonlyUsed"": true," + "\n" + @" ""minComplexity"": 7," + "\n" + @" ""maxAgeDays"": 182," + "\n" + @" ""minAgeDays"": 1," + "\n" + @" ""history"": {" + "\n" + @" ""count"": 8," + "\n" + @" ""retentionDays"": 365" + "\n" + @" }," + "\n" + @" ""lockout"": {" + "\n" + @" ""failureCount"": 3," + "\n" + @" ""durationSeconds"": 900" + "\n" + @" }," + "\n" + @" ""default"": false" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/passwordPolicies" method := "POST" payload := strings.NewReader(`{ "name": "Password Policy for Workday Users {{$timestamp}}", "description": "A policy specific to users in the Workday population", "excludesProfileData": true, "notSimilarToCurrent": true, "excludesCommonlyUsed": true, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": false }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v1/environments/{{envID}}/passwordPolicies HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "name": "Password Policy for Workday Users {{$timestamp}}", "description": "A policy specific to users in the Workday population", "excludesProfileData": true, "notSimilarToCurrent": true, "excludesCommonlyUsed": true, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": false } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"name\": \"Password Policy for Workday Users {{$timestamp}}\",\n \"description\": \"A policy specific to users in the Workday population\",\n \"excludesProfileData\": true,\n \"notSimilarToCurrent\": true,\n \"excludesCommonlyUsed\": true,\n \"minComplexity\": 7,\n \"maxAgeDays\": 182,\n \"minAgeDays\": 1,\n \"history\": {\n \"count\": 8,\n \"retentionDays\": 365\n },\n \"lockout\": {\n \"failureCount\": 3,\n \"durationSeconds\": 900\n },\n \"default\": false\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/passwordPolicies") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/passwordPolicies", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "name": "Password Policy for Workday Users {{$timestamp}}", "description": "A policy specific to users in the Workday population", "excludesProfileData": true, "notSimilarToCurrent": true, "excludesCommonlyUsed": true, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": false }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v1/environments/{{envID}}/passwordPolicies', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "name": "Password Policy for Workday Users {{$timestamp}}", "description": "A policy specific to users in the Workday population", "excludesProfileData": true, "notSimilarToCurrent": true, "excludesCommonlyUsed": true, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": false }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/passwordPolicies" payload = json.dumps({ "name": "Password Policy for Workday Users {{$timestamp}}", "description": "A policy specific to users in the Workday population", "excludesProfileData": True, "notSimilarToCurrent": True, "excludesCommonlyUsed": True, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": False }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/passwordPolicies'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "name": "Password Policy for Workday Users {{$timestamp}}",\n "description": "A policy specific to users in the Workday population",\n "excludesProfileData": true,\n "notSimilarToCurrent": true,\n "excludesCommonlyUsed": true,\n "minComplexity": 7,\n "maxAgeDays": 182,\n "minAgeDays": 1,\n "history": {\n "count": 8,\n "retentionDays": 365\n },\n "lockout": {\n "failureCount": 3,\n "durationSeconds": 900\n },\n "default": false\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/passwordPolicies") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "name": "Password Policy for Workday Users {{\$timestamp}}", "description": "A policy specific to users in the Workday population", "excludesProfileData": true, "notSimilarToCurrent": true, "excludesCommonlyUsed": true, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "default": false }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"name\": \"Password Policy for Workday Users {{$timestamp}}\",\n \"description\": \"A policy specific to users in the Workday population\",\n \"excludesProfileData\": true,\n \"notSimilarToCurrent\": true,\n \"excludesCommonlyUsed\": true,\n \"minComplexity\": 7,\n \"maxAgeDays\": 182,\n \"minAgeDays\": 1,\n \"history\": {\n \"count\": 8,\n \"retentionDays\": 365\n },\n \"lockout\": {\n \"failureCount\": 3,\n \"durationSeconds\": 900\n },\n \"default\": false\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/passwordPolicies")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 201 Created ```json { "_links": { "self": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/passwordPolicies/deff20db-310e-4de3-a519-372f89c371fb" }, "environment": { "href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" } }, "id": "deff20db-310e-4de3-a519-372f89c371fb", "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "name": "Password Policy for Workday Users", "description": "A policy specific to users in the Workday population", "excludesProfileData": true, "notSimilarToCurrent": true, "excludesCommonlyUsed": true, "minComplexity": 7, "maxAgeDays": 182, "minAgeDays": 1, "history": { "count": 8, "retentionDays": 365 }, "lockout": { "failureCount": 3, "durationSeconds": 900 }, "createdAt": "2022-10-11T14:39:06.738Z", "updatedAt": "2022-10-11T14:39:06.738Z", "default": false } ```