pw-policy.html.md.erb

---
breadcrumb: Pivotal Cloud Foundry Documentation
title: Configuring UAA Password Policy
owner: Identity
---

<strong><%= modified_date %></strong>

If your Pivotal Cloud Foundry (PCF) deployment uses the internal user store for authentication, you can configure its password policy within the Pivotal Elastic Runtime tile.

##<a id="config-access"></a>Open the Internal UAA Configuration

1. In a browser, navigate to the fully qualified domain name (FQDN) of your Ops Manager and log in.

1. Click the **Pivotal Elastic Runtime** tile.

1. Select **Authentication and Enterprise SSO** on the **Settings** tab.

	<%= image_tag("er17-config-authsso-pw.png") %>

1. Confirm that the **Internal UAA** option is selected.

##<a id="pw-requirements"></a>Set Password Requirements

1. For **Minimum Password Length**, enter the minimum number of characters for a valid password.
1. For **Minimum Uppercase Characters Required for Password**, enter the minimum number of uppercase characters required for a valid password.
1. For **Minimum Lowercase Characters Required for Password**, enter the minimum number of lowercase characters required for a valid password.
1. For **Minimum Numerical Digits Required for Password**, enter the minimum number of digits required for a valid password.
1. For **Minimum Special Characters Required for Password**, enter the minimum number of special characters required for a valid password.

##<a id="pw-expire-attempts"></a>Set Password Expiration and Entry Attempts

1. For **Number of Months Before Password Expires**, enter the number of months a password remains valid. Enter `0` if you want passwords to never expire.
1. For **Maximum Password Entry Attempts Allowed**, enter the maximum number of failures allowed to enter a password within a five-minute timespan before the account is locked.