Help Center> Identity and Access Management> API Reference> API> Security Settings> Modifying the Login Authentication Policy

Updated on 2023-07-05 GMT+08:00

View PDF

Modifying the Login Authentication Policy

Function

This API is provided for the administrator to modify the login authentication policy.

The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.

URI

PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/login-policy

**Table 1** URI parameters
Parameter	Mandatory	Type	Description
domain_id	Yes	String	Account ID. For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.

Request Parameters

**Table 2** Parameters in the request header
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Access token issued to a user to bear its identity and permissions. For details about the permissions required by the token, see Actions.

**Table 3** Parameter in the request body
Parameter	Mandatory	Type	Description
login_policy	Yes	object	Login authentication policy.

**Table 4** login_policy
Parameter	Mandatory	Type	Description
account_validity_period	No	Integer	Validity period (days) to disable users if they have not logged in within the period. Value range: 0–240.
custom_info_for_login	No	String	Custom information that will be displayed upon successful login.
lockout_duration	No	Integer	Duration (minutes) to lock users out. Value range: 15–30.
login_failed_times	No	Integer	Number of unsuccessful login attempts to lock users out. Value range: 3–10.
period_with_login_failures	No	Integer	Period (minutes) to count the number of unsuccessful login attempts. Value range: 15–60.
session_timeout	No	Integer	Session timeout (minutes) that will apply if you or users created using your account do not perform any operations within a specific period. Value range: 15–1440.
show_recent_login_info	No	Boolean	Indicates whether to display last login information upon successful login. The value can be true or false.

Response Parameters

**Table 5** Parameters in the response body
Parameter	Type	Description
login_policy	object	Login authentication policy.

**Table 6** login_policy
Parameter	Type	Description
account_validity_period	Integer	Validity period (days) to disable users if they have not logged in within the period.
custom_info_for_login	String	Custom information that will be displayed upon successful login.
lockout_duration	Integer	Duration (minutes) to lock users out.
login_failed_times	Integer	Number of unsuccessful login attempts to lock users out.
period_with_login_failures	Integer	Period (minutes) to count the number of unsuccessful login attempts.
session_timeout	Integer	Session timeout (minutes) that will apply if you or users created using your account do not perform any operations within a specific period.
show_recent_login_info	Boolean	Indicates whether to display last login information upon successful login.

Example Request

Request for modifying the login authentication policy to the following: The period to count the number of unsuccessful login attempts is 15 minutes, an account that has not been logged in within 99 days will be locked out, the number of login failures within the login duration is 3, the login session expiration time is 16 minutes, and the last login information is displayed.

PUT https://iam.myhuaweicloud.com/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/login-policy 
 
{ 
  "login_policy" : { 
    "custom_info_for_login" : "", 
    "period_with_login_failures" : 15, 
    "lockout_duration" : 15, 
    "account_validity_period" : 99, 
    "login_failed_times" : 3, 
    "session_timeout" : 16, 
    "show_recent_login_info" : true 
  } 
}

Example Response

Status code: 200

The request is successful.

{ 
  "login_policy" : { 
    "custom_info_for_login" : "", 
    "period_with_login_failures" : 15, 
    "lockout_duration" : 15, 
    "account_validity_period" : 99, 
    "login_failed_times" : 3, 
    "session_timeout" : 16, 
    "show_recent_login_info" : true 
  } 
}

Status code: 400

The request body is abnormal.

Example 1

{ 
   "error_msg" : "'%(key)s' is a required property.", 
   "error_code" : "IAM.0072" 
 }

Example 2

{ 
   "error_msg" : "Invalid input for field '%(key)s'. The value is '%(value)s'.", 
   "error_code" : "IAM.0073" 
 }

Status code: 403

Access denied.

{ 
  "error_msg" : "You are not authorized to perform the requested action.", 
  "error_code" : "IAM.0002" 
}

Status code: 500

The system is abnormal.

{ 
  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
  "error_code" : "IAM.0006" 
}

Status Codes

Status Code	Description
200	The request is successful.
400	The request body is abnormal.
401	Authentication failed.
403	Access denied.
500	The system is abnormal.

Error Codes

For details, see Error Codes.

Parent topic: Security Settings

Previous topic: Querying the Password Policy of an Account

Next topic: Querying the Login Authentication Policy

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot