
Configuring Password Policies (Keycloak)

Keycloak administrators set password rules in the Keycloak Admin Console (Authentication section, Policies tab).

Tip

More details on strong passwords can be found in the following section, Configure PoolParty to Use Stronger Passwords.

Since the PoolParty password reset and new user creation workflows generate temporary passwords according to predefined specifications, the password policies defined in Keycloak must satisfy the following requirements:

  • Minimum Length - its value may not exceed 40 characters;

  • Maximum Length - its value must be at least 40 characters;

  • Uppercase Characters - its value must be between 1 and 8, or 0 (i.e. the policy is not configured at all);

  • Lowercase Characters - its value must be between 1 and 8, or 0 (i.e. the policy is not configured at all);

  • Digits - its value must be between 1 and 8, or 0 (i.e. the policy is not configured at all);

  • Special Characters - its value must be between 1 and 8, or 0 (i.e. the policy is not configured at all);

  • It is strongly recommended not to use Regular Expression policies; should it be necessary to use one, it must be carefully drafted so that it accepts the temporary passwords generated by PoolParty.

Any other policies (related to expiry, reuse, hashing, etc.) can be used with no restrictions.

Bear in mind, however, that new policies may be added to Keycloak in the future to comply with security requirements, and some of these may reject the temporary passwords generated by PoolParty.
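Keycloak stores a realm's password policies as a single string of the form `length(12) and maxLength(64) and digits(1)` (visible in a realm export as `passwordPolicy`). The following added example, which is not part of PoolParty or Keycloak, parses such a string and reports which of the requirements listed above it violates, so a policy can be checked before it is saved; the default values it assumes for policies listed without an argument are assumptions and should be verified against your Keycloak version.

```python
import re

# Defaults applied when a policy is listed without an argument, e.g. "digits".
# These are assumed from Keycloak's providers; verify them for your version.
DEFAULTS = {"length": 8, "maxLength": 64, "upperCase": 1,
            "lowerCase": 1, "digits": 1, "specialChars": 1}
# Policies whose count, per the requirements above, must be 1..8 or absent.
COUNT_POLICIES = ("upperCase", "lowerCase", "digits", "specialChars")
_FRAGMENT = re.compile(r"^\s*([A-Za-z]+)\s*(?:\((.*)\))?\s*$")


def parse_policy(policy: str) -> dict:
    """Split a passwordPolicy string into {provider: raw argument or None}."""
    parsed = {}
    for fragment in policy.split(" and "):
        if not fragment.strip():
            continue
        m = _FRAGMENT.match(fragment)
        if not m:
            raise ValueError(f"cannot parse policy fragment: {fragment!r}")
        parsed[m.group(1)] = m.group(2)
    return parsed


def _int_arg(parsed: dict, name: str) -> int:
    raw = parsed[name]
    return DEFAULTS[name] if raw is None or raw.strip() == "" else int(raw)


def check_poolparty_compat(policy: str) -> list:
    """Return the requirements from this page that the policy string violates."""
    p = parse_policy(policy)
    problems = []
    if "length" in p and _int_arg(p, "length") > 40:
        problems.append("Minimum Length exceeds 40")
    if "maxLength" in p and _int_arg(p, "maxLength") < 40:
        problems.append("Maximum Length is below 40")
    for name in COUNT_POLICIES:
        if name in p and not 1 <= _int_arg(p, name) <= 8:
            problems.append(f"{name} must be between 1 and 8 (or not configured)")
    if "regexPattern" in p:
        problems.append("regexPattern is discouraged; confirm it accepts "
                        "PoolParty temporary passwords")
    return problems


if __name__ == "__main__":
    # Constructed sample policy strings: one compliant, one violating four rules.
    ok = ("length(12) and maxLength(64) and upperCase(1) and lowerCase(1) "
          "and digits(1) and specialChars(1) and passwordHistory(5)")
    bad = "length(48) and maxLength(32) and digits(9) and regexPattern(^[a-z]+$)"
    print(check_poolparty_compat(ok))   # []
    print(check_poolparty_compat(bad))  # four findings
```

Expiry, reuse and hashing policies such as `passwordHistory` or `hashIterations` pass through unchecked, matching the statement above that they carry no restrictions.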

Note

For more details on Keycloak password policies, also refer to the Keycloak documentation.