Jun Qian

How password policy applies to user authentication?

We’d like to add password policy setting to our platform recently. After going through the OKTA API, I understand how password policy works with the user recovery operation (password change, password reset, user unlock), but I’m not sure how it works with user authentication.

Based on the Authentication API below, for user authentication, it doesn’t use password policy to validate the password; it only uses the LOCKOUT setting in password policy to decide whether to show lockout failures.

https://developer.okta.com/docs/api/resources/authn#response-example-for-primary-authentication-with-public-application-and-show-lockout-failures

Can anyone please confirm my understanding? 
Mihai Negoita (Okta, Inc.)
Hi Jun,

Thank you for reaching out to the Okta Community.  
You are correct. It does not use the Password Policy to validate the authentication but it does reference it in the case of Lockout events.

Best regards,  
Mihai Negoita
Okta Support.
Dylann Fezeu (Customer First Programs)
Hello,

Thanks for posting your inquiry in Okta Community Portal.

If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer."

Thank you,

Dylann Fezeu
OHC Team