Skip to main content

PasswordPoliciesAPI

Use these APIs to implement password policies functionality. These APIs allow you to define the policy parameters for choosing passwords.

IdentityNow comes with a default policy that you can modify to define the password requirements your users must meet to log in to IdentityNow, such as requiring a minimum password length, including special characters, and disallowing certain patterns. If you have licensed Password Management, you can create additional password policies beyond the default one to manage passwords for supported sources in your org.

In the Identity Security Cloud Admin panel, administrators can use the Password Mgmt dropdown menu to select Sync Groups. Refer to Managing Password Policies for more information about password policies.

All URIs are relative to https://sailpoint.api.identitynow.com/v2025

MethodHTTP requestDescription
create-password-policyPost /password-policiesCreate password policy
delete-password-policyDelete /password-policies/{id}Delete password policy by id
get-password-policy-by-idGet /password-policies/{id}Get password policy by id
list-password-policiesGet /password-policiesList password policies
set-password-policyPut /password-policies/{id}Update password policy by id

create-password-policy

experimental

This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.

setting x-sailpoint-experimental header

on the configuration object you can set the x-sailpoint-experimental header to `true' to enable all experimantl endpoints within the SDK. Example:

  configuration = Configuration()
configuration.experimental = True

Create password policy This API creates the specified password policy.

API Spec

Path Parameters

Other Parameters

Other parameters are passed through a pointer to a apiCreatePasswordPolicyRequest struct via the builder pattern

NameTypeDescriptionNotes
xSailPointExperimentalstringUse this header to enable this experimental API.[default to "true"]
passwordPolicyV3DtoPasswordPolicyV3Dto

Return type

PasswordPolicyV3Dto

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

package main

import (
"context"
"fmt"
"os"
"encoding/json"
v2025 "github.com/sailpoint-oss/golang-sdk/v2/api_v2025"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)

func main() {
xSailPointExperimental := `true` // string | Use this header to enable this experimental API. (default to "true") # string | Use this header to enable this experimental API. (default to "true")
passwordpolicyv3dto := []byte(`{
"validateAgainstAccountName" : true,
"minLength" : 8,
"description" : "Information about the Password Policy",
"requireStrongAuthUntrustedGeographies" : true,
"enablePasswdExpiration" : true,
"minNumeric" : 8,
"lastUpdated" : 1939056206564,
"validateAgainstAccountId" : false,
"dateCreated" : 1639056206564,
"accountNameMinWordLength" : 6,
"minUpper" : 8,
"firstExpirationReminder" : 45,
"modified" : "modified",
"id" : "2c91808e7d976f3b017d9f5ceae440c8",
"requireStrongAuthn" : true,
"useDictionary" : false,
"minSpecial" : 8,
"sourceIds" : [ "2c91808382ffee0b01830de154f14034", "2f98808382ffee0b01830de154f12134" ],
"passwordExpiration" : 8,
"maxRepeatedChars" : 3,
"minCharacterTypes" : 5,
"minAlpha" : 5,
"created" : "created",
"useAccountAttributes" : false,
"accountIdMinWordLength" : 4,
"minLower" : 8,
"useIdentityAttributes" : false,
"defaultPolicy" : true,
"requireStrongAuthOffNetwork" : true,
"name" : "PasswordPolicy Example",
"maxLength" : 25
}`) // PasswordPolicyV3Dto |

var passwordPolicyV3Dto v2025.PasswordPolicyV3Dto
if err := json.Unmarshal(passwordpolicyv3dto, &passwordPolicyV3Dto); err != nil {
fmt.Println("Error:", err)
return
}


configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.V2025.PasswordPoliciesAPI.CreatePasswordPolicy(context.Background()).XSailPointExperimental(xSailPointExperimental).PasswordPolicyV3Dto(passwordPolicyV3Dto).Execute()
//resp, r, err := apiClient.V2025.PasswordPoliciesAPI.CreatePasswordPolicy(context.Background()).XSailPointExperimental(xSailPointExperimental).PasswordPolicyV3Dto(passwordPolicyV3Dto).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `PasswordPoliciesAPI.CreatePasswordPolicy``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `CreatePasswordPolicy`: PasswordPolicyV3Dto
fmt.Fprintf(os.Stdout, "Response from `PasswordPoliciesAPI.CreatePasswordPolicy`: %v\n", resp)
}

[Back to top]

delete-password-policy

experimental

This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.

setting x-sailpoint-experimental header

on the configuration object you can set the x-sailpoint-experimental header to `true' to enable all experimantl endpoints within the SDK. Example:

  configuration = Configuration()
configuration.experimental = True

Delete password policy by id This API deletes the specified password policy.

API Spec

Path Parameters

NameTypeDescriptionNotes
ctxcontext.Contextcontext for authentication, logging, cancellation, deadlines, tracing, etc.
idstringThe ID of password policy to delete.

Other Parameters

Other parameters are passed through a pointer to a apiDeletePasswordPolicyRequest struct via the builder pattern

NameTypeDescriptionNotes

xSailPointExperimental | string | Use this header to enable this experimental API. | [default to "true"]

Return type

(empty response body)

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

Example

package main

import (
"context"
"fmt"
"os"


sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)

func main() {
id := `ff808081838d9e9d01838da6a03e0002` // string | The ID of password policy to delete. # string | The ID of password policy to delete.
xSailPointExperimental := `true` // string | Use this header to enable this experimental API. (default to "true") # string | Use this header to enable this experimental API. (default to "true")



configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
r, err := apiClient.V2025.PasswordPoliciesAPI.DeletePasswordPolicy(context.Background(), id).XSailPointExperimental(xSailPointExperimental).Execute()
//r, err := apiClient.V2025.PasswordPoliciesAPI.DeletePasswordPolicy(context.Background(), id).XSailPointExperimental(xSailPointExperimental).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `PasswordPoliciesAPI.DeletePasswordPolicy``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}

}

[Back to top]

get-password-policy-by-id

experimental

This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.

setting x-sailpoint-experimental header

on the configuration object you can set the x-sailpoint-experimental header to `true' to enable all experimantl endpoints within the SDK. Example:

  configuration = Configuration()
configuration.experimental = True

Get password policy by id This API returns the password policy for the specified ID.

API Spec

Path Parameters

NameTypeDescriptionNotes
ctxcontext.Contextcontext for authentication, logging, cancellation, deadlines, tracing, etc.
idstringThe ID of password policy to retrieve.

Other Parameters

Other parameters are passed through a pointer to a apiGetPasswordPolicyByIdRequest struct via the builder pattern

NameTypeDescriptionNotes

xSailPointExperimental | string | Use this header to enable this experimental API. | [default to "true"]

Return type

PasswordPolicyV3Dto

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

Example

package main

import (
"context"
"fmt"
"os"


sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)

func main() {
id := `ff808081838d9e9d01838da6a03e0005` // string | The ID of password policy to retrieve. # string | The ID of password policy to retrieve.
xSailPointExperimental := `true` // string | Use this header to enable this experimental API. (default to "true") # string | Use this header to enable this experimental API. (default to "true")



configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.V2025.PasswordPoliciesAPI.GetPasswordPolicyById(context.Background(), id).XSailPointExperimental(xSailPointExperimental).Execute()
//resp, r, err := apiClient.V2025.PasswordPoliciesAPI.GetPasswordPolicyById(context.Background(), id).XSailPointExperimental(xSailPointExperimental).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `PasswordPoliciesAPI.GetPasswordPolicyById``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `GetPasswordPolicyById`: PasswordPolicyV3Dto
fmt.Fprintf(os.Stdout, "Response from `PasswordPoliciesAPI.GetPasswordPolicyById`: %v\n", resp)
}

[Back to top]

list-password-policies

experimental

This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.

setting x-sailpoint-experimental header

on the configuration object you can set the x-sailpoint-experimental header to `true' to enable all experimantl endpoints within the SDK. Example:

  configuration = Configuration()
configuration.experimental = True

List password policies This gets list of all Password Policies. Requires role of ORG_ADMIN

API Spec

Path Parameters

Other Parameters

Other parameters are passed through a pointer to a apiListPasswordPoliciesRequest struct via the builder pattern

NameTypeDescriptionNotes
xSailPointExperimentalstringUse this header to enable this experimental API.[default to "true"]
limitint32Max number of results to return. See V3 API Standard Collection Parameters for more information.[default to 250]
offsetint32Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.[default to 0]
countboolIf true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information.[default to false]

Return type

[]PasswordPolicyV3Dto

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

Example

package main

import (
"context"
"fmt"
"os"


sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)

func main() {
xSailPointExperimental := `true` // string | Use this header to enable this experimental API. (default to "true") # string | Use this header to enable this experimental API. (default to "true")
limit := 250 // int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250) # int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
offset := 0 // int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0) # int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
count := true // bool | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to false) # bool | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to false)



configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.V2025.PasswordPoliciesAPI.ListPasswordPolicies(context.Background()).XSailPointExperimental(xSailPointExperimental).Execute()
//resp, r, err := apiClient.V2025.PasswordPoliciesAPI.ListPasswordPolicies(context.Background()).XSailPointExperimental(xSailPointExperimental).Limit(limit).Offset(offset).Count(count).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `PasswordPoliciesAPI.ListPasswordPolicies``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `ListPasswordPolicies`: []PasswordPolicyV3Dto
fmt.Fprintf(os.Stdout, "Response from `PasswordPoliciesAPI.ListPasswordPolicies`: %v\n", resp)
}

[Back to top]

set-password-policy

experimental

This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.

setting x-sailpoint-experimental header

on the configuration object you can set the x-sailpoint-experimental header to `true' to enable all experimantl endpoints within the SDK. Example:

  configuration = Configuration()
configuration.experimental = True

Update password policy by id This API updates the specified password policy.

API Spec

Path Parameters

NameTypeDescriptionNotes
ctxcontext.Contextcontext for authentication, logging, cancellation, deadlines, tracing, etc.
idstringThe ID of password policy to update.

Other Parameters

Other parameters are passed through a pointer to a apiSetPasswordPolicyRequest struct via the builder pattern

NameTypeDescriptionNotes

xSailPointExperimental | string | Use this header to enable this experimental API. | [default to "true"] passwordPolicyV3Dto | PasswordPolicyV3Dto | |

Return type

PasswordPolicyV3Dto

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

package main

import (
"context"
"fmt"
"os"
"encoding/json"
v2025 "github.com/sailpoint-oss/golang-sdk/v2/api_v2025"
sailpoint "github.com/sailpoint-oss/golang-sdk/v2"
)

func main() {
id := `ff808081838d9e9d01838da6a03e0007` // string | The ID of password policy to update. # string | The ID of password policy to update.
xSailPointExperimental := `true` // string | Use this header to enable this experimental API. (default to "true") # string | Use this header to enable this experimental API. (default to "true")
passwordpolicyv3dto := []byte(`{
"validateAgainstAccountName" : true,
"minLength" : 8,
"description" : "Information about the Password Policy",
"requireStrongAuthUntrustedGeographies" : true,
"enablePasswdExpiration" : true,
"minNumeric" : 8,
"lastUpdated" : 1939056206564,
"validateAgainstAccountId" : false,
"dateCreated" : 1639056206564,
"accountNameMinWordLength" : 6,
"minUpper" : 8,
"firstExpirationReminder" : 45,
"modified" : "modified",
"id" : "2c91808e7d976f3b017d9f5ceae440c8",
"requireStrongAuthn" : true,
"useDictionary" : false,
"minSpecial" : 8,
"sourceIds" : [ "2c91808382ffee0b01830de154f14034", "2f98808382ffee0b01830de154f12134" ],
"passwordExpiration" : 8,
"maxRepeatedChars" : 3,
"minCharacterTypes" : 5,
"minAlpha" : 5,
"created" : "created",
"useAccountAttributes" : false,
"accountIdMinWordLength" : 4,
"minLower" : 8,
"useIdentityAttributes" : false,
"defaultPolicy" : true,
"requireStrongAuthOffNetwork" : true,
"name" : "PasswordPolicy Example",
"maxLength" : 25
}`) // PasswordPolicyV3Dto |

var passwordPolicyV3Dto v2025.PasswordPolicyV3Dto
if err := json.Unmarshal(passwordpolicyv3dto, &passwordPolicyV3Dto); err != nil {
fmt.Println("Error:", err)
return
}


configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.V2025.PasswordPoliciesAPI.SetPasswordPolicy(context.Background(), id).XSailPointExperimental(xSailPointExperimental).PasswordPolicyV3Dto(passwordPolicyV3Dto).Execute()
//resp, r, err := apiClient.V2025.PasswordPoliciesAPI.SetPasswordPolicy(context.Background(), id).XSailPointExperimental(xSailPointExperimental).PasswordPolicyV3Dto(passwordPolicyV3Dto).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `PasswordPoliciesAPI.SetPasswordPolicy``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
// response from `SetPasswordPolicy`: PasswordPolicyV3Dto
fmt.Fprintf(os.Stdout, "Response from `PasswordPoliciesAPI.SetPasswordPolicy`: %v\n", resp)
}

[Back to top]