TenantPasswordPolicy
Password security policy and complexity requirements for a tenant workspace, defining rules that govern password creation, validation, expiration, and lockout behavior. This entity enables tenant-specific password security standards, allowing different organizations to enforce their own security requirements ranging from basic (8 characters) to stringent (16+ characters with complexity). It supports password complexity rules (uppercase, lowercase, numbers, special characters), password history to prevent reuse, expiration policies for forced rotation, account lockout rules after failed attempts, and password strength validation. The entity serves as the enforcement layer for password security compliance across industries with different regulatory requirements (HIPAA, PCI-DSS, SOC2) and enables tenants to balance security with user experience based on their risk profile.
Properties
| Property | Type | Mode | Description | Required |
|---|---|---|---|---|
| tenant | Tenant | stored | Reference to the Tenant this password policy applies to | Required |
| minLength | number | stored | Minimum password length | Required |
| maxLength | number | stored | Maximum password length (null for no limit) | Optional |
| requireUppercase | boolean | stored | Whether password must contain at least one uppercase letter | Required |
| requireLowercase | boolean | stored | Whether password must contain at least one lowercase letter | Required |
| requireNumbers | boolean | stored | Whether password must contain at least one numeric digit | Required |
| requireSpecialChars | boolean | stored | Whether password must contain at least one special character | Required |
| specialCharsSet | string | stored | Set of allowed special characters | Optional |
| expirationDays | number | stored | Number of days before password expires (0 for no expiration) | Required |
| preventReuseLast | number | stored | Number of previous passwords to prevent reuse (0 for no history check) | Required |
| maxFailedAttempts | number | stored | Maximum number of failed login attempts before account lockout | Required |
| lockoutDurationMinutes | number | stored | Duration in minutes for account lockout after max failed attempts | Required |
| minStrengthScore | number | stored | Minimum password strength score required (0-4, using zxcvbn or similar) | Optional |
| allowCommonPasswords | boolean | stored | Whether to allow commonly used passwords (password123, etc.) | Required |
| metadata | json | stored | Additional policy metadata and custom rules | Optional |
Examples
Example 1
{
  "@type": "TenantPasswordPolicy",
  "tenant": {
    "@type": "Tenant",
    "slug": "acme-corp",
    "name": "ACME Corporation"
  },
  "minLength": 12,
  "maxLength": 128,
  "requireUppercase": true,
  "requireLowercase": true,
  "requireNumbers": true,
  "requireSpecialChars": true,
  "expirationDays": 90,
  "preventReuseLast": 5,
  "maxFailedAttempts": 5,
  "lockoutDurationMinutes": 30,
  "minStrengthScore": 3,
  "allowCommonPasswords": false
}
Example 2
{
  "@type": "TenantPasswordPolicy",
  "tenant": {
    "@type": "Tenant",
    "slug": "techstart",
    "name": "TechStart Inc"
  },
  "minLength": 8,
  "maxLength": 128,
  "requireUppercase": true,
  "requireLowercase": true,
  "requireNumbers": true,
  "requireSpecialChars": false,
  "expirationDays": 0,
  "preventReuseLast": 3,
  "maxFailedAttempts": 3,
  "lockoutDurationMinutes": 15,
  "minStrengthScore": 2,
  "allowCommonPasswords": false
}
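Policy evaluation
The following is an added example, not code from this page or from the platform it documents: a Python evaluator that applies the fields of Example 1 to a candidate password, a password age and a failed-login counter, including the null `maxLength` and zero-valued `expirationDays` / `preventReuseLast` cases. The default special-character set, the small blocklist, PBKDF2 as the history hash, the (salt, hash) history shape and the consecutive-failure counter are assumptions; `minStrengthScore` is left out because it needs an external estimator such as zxcvbn.

```python
import hashlib, hmac, json
from datetime import timedelta

# Example 1 policy from this page, minus tenant and minStrengthScore.
POLICY = json.loads("""{"minLength": 12, "maxLength": 128,
  "requireUppercase": true, "requireLowercase": true, "requireNumbers": true,
  "requireSpecialChars": true, "expirationDays": 90, "preventReuseLast": 5,
  "maxFailedAttempts": 5, "lockoutDurationMinutes": 30,
  "allowCommonPasswords": false}""")

DEFAULT_SPECIALS = "!@#$%^&*()-_=+[]{};:,.?"  # assumption: fallback when specialCharsSet is unset
COMMON = {"password123", "qwerty", "letmein"}  # constructed stand-in for a real blocklist

def hash_password(password, salt):
    # Assumption: PBKDF2 stands in for whatever slow hash the credential store uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def password_violations(policy, password, history=()):
    """Return the policy fields the candidate password violates.
    history: (salt, hash) pairs, newest first (assumed storage shape)."""
    specials = policy.get("specialCharsSet") or DEFAULT_SPECIALS
    max_len = policy.get("maxLength")  # null means no upper limit
    recent = history[:policy["preventReuseLast"]]  # 0 disables the history check
    reused = any(hmac.compare_digest(hash_password(password, s), h) for s, h in recent)
    checks = {
        "minLength": len(password) >= policy["minLength"],
        "maxLength": max_len is None or len(password) <= max_len,
        "requireUppercase": not policy["requireUppercase"] or any(c.isupper() for c in password),
        "requireLowercase": not policy["requireLowercase"] or any(c.islower() for c in password),
        "requireNumbers": not policy["requireNumbers"] or any(c.isdigit() for c in password),
        "requireSpecialChars": not policy["requireSpecialChars"] or any(c in specials for c in password),
        "allowCommonPasswords": policy["allowCommonPasswords"] or password.lower() not in COMMON,
        "preventReuseLast": not reused,
    }
    return [field for field, ok in checks.items() if not ok]

def is_expired(policy, changed_at, now):
    days = policy["expirationDays"]  # 0 means the password never expires
    return days > 0 and now - changed_at >= timedelta(days=days)

def locked_until(policy, consecutive_failures, last_failure_at, now):
    """Return when the lockout ends, or None if the account is not locked."""
    if consecutive_failures < policy["maxFailedAttempts"]:
        return None
    end = last_failure_at + timedelta(minutes=policy["lockoutDurationMinutes"])
    return end if now < end else None
```

Returning the violated field names rather than a boolean lets the caller tell the user which rule failed and lets audit logs record which policy setting rejected a change.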