"create"
********

* Description

* Usage

* Required Parameters

* Optional Parameters

* Global Parameters

* Example using required parameter


Description
===========

Create a password policy.

The top level –endpoint parameter must be supplied for this operation.


Usage
=====

   oci identity-domains password-policy create [OPTIONS]


Required Parameters
===================

--name [text]

A String that is the name of the policy to display to the user. This
is the only mandatory attribute for a password policy.

**SCIM++ Properties:**  - caseExact: false  - idcsSearchable: true  -
multiValued: false  - mutability: immutable  - required: true  -
returned: always  - type: string  - uniqueness: server

--schemas [complex type]

REQUIRED. The schemas attribute is an array of Strings which allows
introspection of the supported schema version for a SCIM
representation as well any schema extensions supported by that
representation. Each String value must be a unique URI. This
specification defines URIs for User, Group, and a standard
“enterprise” extension. All representations of SCIM schema MUST
include a non-zero value array with value(s) of the URIs supported by
that representation. Duplicate values MUST NOT be included. Value
order is not specified and MUST not impact behavior.

**SCIM++ Properties:**  - caseExact: false  - idcsSearchable: false  -
multiValued: true  - mutability: readWrite  - required: true  -
returned: default  - type: string  - uniqueness: none This is a
complex type whose value must be valid JSON. The value can be provided
as a string on the command line or passed in as a file using the
file://path/to/file syntax.

The "--generate-param-json-input" option can be used to generate an
example of the JSON which must be provided. We recommend storing this
example in a file, modifying it as needed and then passing it back in
via the file:// syntax.


Optional Parameters
===================

--allowed-chars [text]

A String value whose contents indicate a set of characters that can
appear, in any sequence, in a password value

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
string  - uniqueness: none

--attribute-sets [text]

A multi-valued list of strings indicating the return type of attribute
definition. The specified set of attributes can be fetched by the
return type of the attribute. One or more values can be given together
to fetch more than one group of attributes. If ‘attributes’ query
parameter is also available, union of the two is fetched. Valid values
- all, always, never, request, default. Values are case-insensitive.

Accepted values are:

   all, always, default, never, request

--attributes [text]

A comma-delimited string that specifies the names of resource
attributes that should be returned in the response. By default, a
response that contains resource attributes contains only attributes
that are defined in the schema for that resource type as
returned=always or returned=default. An attribute that is defined as
returned=request is returned in a response only if the request
specifies its name in the value of this query parameter. If a request
specifies this query parameter, the response contains the attributes
that this query parameter specifies, as well as any attribute that is
defined as returned=always.

--authorization [text]

The Authorization field value consists of credentials containing the
authentication information of the user agent for the realm of the
resource being requested.

--compartment-ocid [text]

OCI Compartment Id (ocid) in which the resource lives.

**SCIM++ Properties:**  - caseExact: false  - idcsSearchable: false  -
multiValued: false  - mutability: readOnly  - required: false  -
returned: default  - type: string  - uniqueness: none

--configured-password-policy-rules [complex type]

List of password policy rules that have values set. This map of
stringKey:stringValue pairs can be used to aid users while
setting/resetting password

**SCIM++ Properties:**  - caseExact: false  - idcsCompositeKey: [key]
- multiValued: true  - mutability: readOnly  - required: false  -
returned: request  - type: complex  - uniqueness: none

This option is a JSON list with items of type
PasswordPolicyConfiguredPasswordPolicyRules.  For documentation on
PasswordPolicyConfiguredPasswordPolicyRules please see our API
reference: https://docs.cloud.oracle.com/api/#/en/identitydomains/v1/
datatypes/PasswordPolicyConfiguredPasswordPolicyRules. This is a
complex type whose value must be valid JSON. The value can be provided
as a string on the command line or passed in as a file using the
file://path/to/file syntax.

The "--generate-param-json-input" option can be used to generate an
example of the JSON which must be provided. We recommend storing this
example in a file, modifying it as needed and then passing it back in
via the file:// syntax.

--delete-in-progress [boolean]

A boolean flag indicating this resource in the process of being
deleted. Usually set to true when synchronous deletion of the resource
would take too long.

**SCIM++ Properties:**  - caseExact: false  - idcsSearchable: true  -
multiValued: false  - mutability: readOnly  - required: false  -
returned: default  - type: boolean  - uniqueness: none

--description [text]

A String that describes the password policy

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
string  - uniqueness: none

--dictionary-delimiter [text]

A delimiter used to separate characters in the dictionary file

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
string  - uniqueness: none

--dictionary-location [text]

A Reference value that contains the URI of a dictionary of words not
allowed to appear within a password value

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
string  - uniqueness: none

--dictionary-word-disallowed [boolean]

Indicates whether the password can match a dictionary word

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
boolean  - uniqueness: none

--disallowed-chars [text]

A String value whose contents indicate a set of characters that cannot
appear, in any sequence, in a password value

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
string  - uniqueness: none

--disallowed-substrings [complex type]

A String value whose contents indicate a set of substrings that cannot
appear, in any sequence, in a password value

**SCIM++ Properties:**  - caseExact: false  - multiValued: true  -
mutability: readWrite  - required: false  - returned: default  - type:
string  - uniqueness: none This is a complex type whose value must be
valid JSON. The value can be provided as a string on the command line
or passed in as a file using the file://path/to/file syntax.

The "--generate-param-json-input" option can be used to generate an
example of the JSON which must be provided. We recommend storing this
example in a file, modifying it as needed and then passing it back in
via the file:// syntax.

--disallowed-user-attribute-values [complex type]

List of User attributes whose values are not allowed in the password.

**Added In:** 2303212224

**SCIM++ Properties:**  - idcsSearchable: false  - multiValued: true
- mutability: readWrite  - required: false  - returned: default  -
type: string  - uniqueness: none This is a complex type whose value
must be valid JSON. The value can be provided as a string on the
command line or passed in as a file using the file://path/to/file
syntax.

The "--generate-param-json-input" option can be used to generate an
example of the JSON which must be provided. We recommend storing this
example in a file, modifying it as needed and then passing it back in
via the file:// syntax.

--distinct-characters [integer]

The number of distinct characters between old password and new
password

**Added In:** 2303212224

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--domain-ocid [text]

OCI Domain Id (ocid) in which the resource lives.

**SCIM++ Properties:**  - caseExact: false  - idcsSearchable: false  -
multiValued: false  - mutability: readOnly  - required: false  -
returned: default  - type: string  - uniqueness: none

--external-id [text]

An identifier for the Resource as defined by the Service Consumer. The
externalId may simplify identification of the Resource between Service
Consumer and Service Provider by allowing the Consumer to refer to the
Resource with its own identifier, obviating the need to store a local
mapping between the local identifier of the Resource and the
identifier used by the Service Provider. Each Resource MAY include a
non-empty externalId value. The value of the externalId attribute is
always issued by the Service Consumer and can never be specified by
the Service Provider. The Service Provider MUST always interpret the
externalId as scoped to the Service Consumer’s tenant.

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
string  - uniqueness: none

--first-name-disallowed [boolean]

Indicates a sequence of characters that match the user’s first name of
given name cannot be the password. Password validation against policy
will be ignored if length of first name is less than or equal to 3
characters.

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
boolean  - uniqueness: none

--force-password-reset [boolean]

Indicates whether all of the users should be forced to reset their
password on the next login (to comply with new password policy
changes)

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: writeOnly  - required: false  - returned: never  - type:
boolean  - uniqueness: none

--from-json [text]

Provide input to this command as a JSON document from a file using the
file://path-to/file syntax.

The "--generate-full-command-json-input" option can be used to
generate a sample json file to be used with this command option. The
key names are pre-populated and match the command option names
(converted to camelCase format, e.g. compartment-id –> compartmentId),
while the values of the keys need to be populated by the user before
using the sample file as an input to this command. For any command
option that accepts multiple values, the value of the key can be a
JSON array.

Options can still be provided on the command line. If an option exists
in both the JSON document and the command line then the command line
specified value will be used.

For examples on usage of this option, please see our “using CLI with
advanced JSON options” link: https://docs.cloud.oracle.com/iaas/Conte
nt/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

--groups [complex type]

A list of groups that the password policy belongs to.

**Added In:** 20.1.3

**SCIM++ Properties:**  - caseExact: false  - idcsCompositeKey:
[value]  - idcsSearchable: true  - multiValued: true  - mutability:
readWrite  - required: false  - returned: default  - type: complex  -
uniqueness: none

This option is a JSON list with items of type PasswordPolicyGroups.
For documentation on PasswordPolicyGroups please see our API
reference: https://docs.cloud.oracle.com/api/#/en/identitydomains/v1/
datatypes/PasswordPolicyGroups. This is a complex type whose value
must be valid JSON. The value can be provided as a string on the
command line or passed in as a file using the file://path/to/file
syntax.

The "--generate-param-json-input" option can be used to generate an
example of the JSON which must be provided. We recommend storing this
example in a file, modifying it as needed and then passing it back in
via the file:// syntax.

--id [text]

Unique identifier for the SCIM Resource as defined by the Service
Provider. Each representation of the Resource MUST include a non-empty
id value. This identifier MUST be unique across the Service Provider’s
entire set of Resources. It MUST be a stable, non-reassignable
identifier that does not change when the same Resource is returned in
subsequent requests. The value of the id attribute is always issued by
the Service Provider and MUST never be specified by the Service
Consumer. bulkId: is a reserved keyword and MUST NOT be used in the
unique identifier.

**SCIM++ Properties:**  - caseExact: false  - idcsSearchable: true  -
multiValued: false  - mutability: readOnly  - required: false  -
returned: always  - type: string  - uniqueness: global

--idcs-created-by [complex type]

This is a complex type whose value must be valid JSON. The value can
be provided as a string on the command line or passed in as a file
using the file://path/to/file syntax.

The "--generate-param-json-input" option can be used to generate an
example of the JSON which must be provided. We recommend storing this
example in a file, modifying it as needed and then passing it back in
via the file:// syntax.

--idcs-last-modified-by [complex type]

This is a complex type whose value must be valid JSON. The value can
be provided as a string on the command line or passed in as a file
using the file://path/to/file syntax.

The "--generate-param-json-input" option can be used to generate an
example of the JSON which must be provided. We recommend storing this
example in a file, modifying it as needed and then passing it back in
via the file:// syntax.

--idcs-last-upgraded-in-release [text]

The release number when the resource was upgraded.

**SCIM++ Properties:**  - caseExact: false  - idcsSearchable: false  -
multiValued: false  - mutability: readOnly  - required: false  -
returned: request  - type: string  - uniqueness: none

--idcs-prevented-operations [text]

Each value of this attribute specifies an operation that only an
internal client may perform on this particular resource.

**SCIM++ Properties:**  - idcsSearchable: false  - multiValued: true
- mutability: readOnly  - required: false  - returned: request  -
type: string  - uniqueness: none

Accepted values are:

   delete, replace, update

--last-name-disallowed [boolean]

Indicates a sequence of characters that match the user’s last name of
given name cannot be the password. Password validation against policy
will be ignored if length of last name is less than or equal to 3
characters.

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
boolean  - uniqueness: none

--lockout-duration [integer]

The time period in minutes to lock out a user account when the
threshold of invalid login attempts is reached. The available range is
from 5 through 1440 minutes (24 hours).

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--max-incorrect-attempts [integer]

An integer that represents the maximum number of failed logins before
an account is locked

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--max-length [integer]

The maximum password length (in characters). A value of 0 or no value
indicates no maximum length restriction.

**SCIM++ Properties:**  - caseExact: false  - idcsSearchable: true  -
multiValued: false  - mutability: readWrite  - required: false  -
returned: default  - type: integer  - uniqueness: none

--max-repeated-chars [integer]

The maximum number of repeated characters allowed in a password.  A
value of 0 or no value indicates no such restriction.

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--max-special-chars [integer]

The maximum number of special characters in a password.  A value of 0
or no value indicates no maximum special characters restriction.

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--meta [complex type]

This is a complex type whose value must be valid JSON. The value can
be provided as a string on the command line or passed in as a file
using the file://path/to/file syntax.

The "--generate-param-json-input" option can be used to generate an
example of the JSON which must be provided. We recommend storing this
example in a file, modifying it as needed and then passing it back in
via the file:// syntax.

--min-alpha-numerals [integer]

The minimum number of a combination of alphabetic and numeric
characters in a password.  A value of 0 or no value indicates no
minimum alphanumeric character restriction.

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--min-alphas [integer]

The minimum number of alphabetic characters in a password.  A value of
0 or no value indicates no minimum alphas restriction.

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--min-length [integer]

The minimum password length (in characters). A value of 0 or no value
indicates no minimum length restriction.

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--min-lower-case [integer]

The minimum number of lowercase alphabetic characters in a password.
A value of 0 or no value indicates no minimum lowercase restriction.

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--min-numerals [integer]

The minimum number of numeric characters in a password.  A value of 0
or no value indicates no minimum numeric character restriction.

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--min-password-age [integer]

Minimum time after which the user can resubmit the reset password
request

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--min-special-chars [integer]

The minimum number of special characters in a password. A value of 0
or no value indicates no minimum special characters restriction.

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--min-unique-chars [integer]

The minimum number of unique characters in a password.  A value of 0
or no value indicates no minimum unique characters restriction.

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--min-upper-case [integer]

The minimum number of uppercase alphabetic characters in a password. A
value of 0 or no value indicates no minimum uppercase restriction.

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--num-passwords-in-history [integer]

The number of passwords that will be kept in history that may not be
used as a password

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--ocid [text]

Unique OCI identifier for the SCIM Resource.

**SCIM++ Properties:**  - caseExact: true  - idcsSearchable: true  -
multiValued: false  - mutability: immutable  - required: false  -
returned: default  - type: string  - uniqueness: global

--password-expire-warning [integer]

An integer indicating the number of days before which the user should
be warned about password expiry.

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--password-expires-after [integer]

The number of days after which the password expires automatically

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - uniqueness: none

--password-strength [text]

Indicates whether the password policy is configured as Simple,
Standard, or Custom.

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
string  - uniqueness: none

Accepted values are:

   Custom, Simple, Standard

--priority [integer]

Password policy priority

**Added In:** 20.1.3

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
integer  - idcsMinValue: 1  - uniqueness: server

--required-chars [text]

A String value whose contents indicate a set of characters that must
appear, in any sequence, in a password value

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
string  - uniqueness: none

--resource-type-schema-version [text]

An endpoint-specific schema version number to use in the Request.
Allowed version values are Earliest Version or Latest Version as
specified in each REST API endpoint description, or any sequential
number inbetween. All schema attributes/body parameters are a part of
version 1. After version 1, any attributes added or deprecated will be
tagged with the version that they were added to or deprecated in. If
no version is provided, the latest schema version is returned.

--starts-with-alphabet [boolean]

Indicates that the password must begin with an alphabetic character

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
boolean  - uniqueness: none

--tags [complex type]

A list of tags on this resource.

**SCIM++ Properties:**  - idcsCompositeKey: [key, value]  -
idcsSearchable: true  - multiValued: true  - mutability: readWrite  -
required: false  - returned: request  - type: complex  - uniqueness:
none

This option is a JSON list with items of type Tags.  For documentation
on tags please see our API reference: https://docs.cloud.oracle.com/a
pi/#/en/identitydomains/v1/datatypes/Tags. This is a complex type
whose value must be valid JSON. The value can be provided as a string
on the command line or passed in as a file using the
file://path/to/file syntax.

The "--generate-param-json-input" option can be used to generate an
example of the JSON which must be provided. We recommend storing this
example in a file, modifying it as needed and then passing it back in
via the file:// syntax.

--tenancy-ocid [text]

OCI Tenant Id (ocid) in which the resource lives.

**SCIM++ Properties:**  - caseExact: false  - idcsSearchable: false  -
multiValued: false  - mutability: readOnly  - required: false  -
returned: default  - type: string  - uniqueness: none

--user-name-disallowed [boolean]

Indicates a sequence of characters that match the username cannot be
the password. Password validation against policy will be ignored if
length of user name is less than or equal to 3 characters.

**SCIM++ Properties:**  - caseExact: false  - multiValued: false  -
mutability: readWrite  - required: false  - returned: default  - type:
boolean  - uniqueness: none


Global Parameters
=================

Use "oci --help" for help on global parameters.

"--auth-purpose", "--auth", "--cert-bundle", "--cli-auto-prompt", "--
cli-rc-file", "--config-file", "--connection-timeout", "--debug", "--
defaults-file", "--endpoint", "--generate-full-command-json-input", "
--generate-param-json-input", "--help", "--latest-version", "--max-
retries", "--no-retry", "--opc-client-request-id", "--opc-request-id",
"--output", "--profile", "--proxy", "--query", "--raw-output", "--
read-timeout", "--realm-specific-endpoint", "--region", "--release-
info", "--request-id", "--version", "-?", "-d", "-h", "-i", "-v"


Example using required parameter
================================

Copy and paste the following example into a JSON file, replacing the
example parameters with your own.

       oci identity-domains password-policy create --generate-param-json-input schemas > schemas.json

Copy the following CLI commands into a file named example.sh. Run the
command by typing “bash example.sh” and replacing the example
parameters with your own.

Please note this sample will only work in the POSIX-compliant bash-
like shell. You need to set up the OCI configuration and appropriate
security policies before trying the examples.

       export name=<substitute-value-of-name> # https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/identity-domains/password-policy/create.html#cmdoption-name

       oci identity-domains password-policy create --name $name --schemas file://schemas.json
