2020-10-16 12:13:02 +00:00
|
|
|
---
|
|
|
|
title: Policies
|
|
|
|
---
|
|
|
|
|
|
|
|
### What are policies
|
|
|
|
|
2020-10-26 12:54:29 +00:00
|
|
|
Policies are a means of enforcing certain behaviour of ZITADEL.
|
|
|
|
ZITADEL defines a default policy on the system level. However an organisation owner can change these aspects within his own organisation.
|
2020-10-16 12:13:02 +00:00
|
|
|
|
|
|
|
Below is a list of available policies
|
|
|
|
|
|
|
|
### Password complexity
|
|
|
|
|
|
|
|
This policy enforces passwords of users within the org. to be compliant.
|
|
|
|
|
|
|
|
- min length
|
|
|
|
- has number
|
|
|
|
- has symbol
|
|
|
|
- has lower case
|
|
|
|
- has upper case
|
|
|
|
|
|
|
|
> Screenshot here
|
|
|
|
|
|
|
|
### IAM Access Preference
|
|
|
|
|
|
|
|
This policy enforces, when set to true, that usernames are suffixed with the organisations domain.
|
2020-10-26 12:54:29 +00:00
|
|
|
Under normal operation this policy is only false on the `global` org. so that users can choose their email as their username.
|
2020-10-16 12:13:02 +00:00
|
|
|
Only available for the `IAM Administrator`
|
|
|
|
|
|
|
|
> Screenshot here
|
|
|
|
|
|
|
|
### Login Options
|
|
|
|
|
|
|
|
With this policy it is possible to define what options a user sees in the login process.
|
|
|
|
|
|
|
|
- Username Password allowed
|
|
|
|
- Self Register allowed
|
|
|
|
- External IDP allowed
|
|
|
|
- List of allowed external IDPs
|
|
|
|
|
|
|
|
> Screenshot here
|
|
|
|
|
|
|
|
### Audit policy changes
|
|
|
|
|
|
|
|
> Screenshot here
|
|
|
|
|
|
|
|
### Upcoming Policies
|
|
|
|
|
|
|
|
- Password age
|
|
|
|
- Password failure count
|