Okta Classic Engine | Administration | Answered | 2024-04-16T12:35:49.000Z | 2021-06-02T19:40:14.000Z | 2021-06-05T20:04:19.000Z

xto5h (xto5h) asked a question.

Custom Password Policy beyond what Okta inherently supports

We have a need to implement a password policy to exclude any portions >2 characters of the username or user full name from the password. For example, "John Smith" with username "jsmith@example.com" should be prevented from using a password which includes "smi" since these 3 characters appear in the username and last name.

 

It is our understanding that the Okta "Does not contain part of username" setting only prevents use of punctuation separated portions and the "Does not contain first name" and "Does not contain last name" only prevent use of the full first or last name respectively.

 

Is there any way to invoke a custom password validation to enforce this policy?


  • Hi Kevin,

     

    You are correct. Currently the behavior applies to full parts of the user name delimited by punctuation or separated by @. So the password policy feature in this case would only apply if you try to use jsmith in the password.

     

    I do see how this would be useful but this would have to be suggested as a feature.

     

    You can suggest this on the Okta Community portal by navigating to the Idea section in the Product tab. Features suggested here are reviewed and can be voted and commented on by other members of the community, therefore making it much easier for the engineering team to understand the priorities that you have for feature requests. From there, the PM team will review the top 30 most voted upon ideas each month and provide feedback/roadmap status on these via the forum.

This question is closed.
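The rule requested in the question, written out as an added example that is not part of the original thread and is not an Okta feature: a standalone check that could run wherever an organization validates a new password itself. The function names, the attribute keys and the sample user record are assumptions made for illustration.

```python
import unicodedata


def _norm(value):
    # Compare case-insensitively and fold Unicode compatibility forms,
    # so "SMI" and full-width letters match "smi".
    return unicodedata.normalize("NFKC", value).casefold()


def ngrams(value, n):
    """All substrings of exactly n characters in the normalised value."""
    s = _norm(value)
    # A value shorter than n yields an empty set: a two-letter name
    # cannot be excluded by a "more than 2 characters" rule.
    return {s[i:i + n] for i in range(len(s) - n + 1)}


def check_password(password, attributes, min_len=3):
    """Return {attribute: [shared fragments]} for every identity attribute
    that shares a run of min_len or more characters with the password.

    Any shared substring longer than min_len contains a shared substring
    of exactly min_len characters, so comparing n-grams of that one
    length is enough to enforce the whole rule.
    """
    pw_grams = ngrams(password, min_len)
    hits = {}
    for name, value in attributes.items():
        shared = sorted(pw_grams & ngrams(value, min_len))
        if shared:
            hits[name] = shared
    return hits


# Constructed sample record matching the user described in the question.
USER = {
    "username": "jsmith@example.com",
    "first_name": "John",
    "last_name": "Smith",
}

if __name__ == "__main__":
    for candidate in ("Xsmi2024!", "MyJsmith#1", "Tr0ub4dor&3"):
        result = check_password(candidate, USER)
        print(candidate, "->", "rejected" if result else "accepted", result)
```

Because the username is compared as a whole string, fragments of the mail domain such as "exa" are also excluded; pass only the local part if that is stricter than intended.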