Maybe, if you can come up with a way to write that as regex (probably not though). We'll add ability to create custom password policies in the future though.
Wouldn't the below suffice for regex? Thus avoiding needing custom work for the short-term?
Password should be changed in every 60 days (configurable)
Yes
If user enters password wrong three times account is locked out for 15 min (configurable)
Yes
Password chosen should not be previous 24 passwords
Yes
Password should have a letter and a number
Yes
Password should not have consecutive letters
Maybe, if you can come up with a way to write that as regex (probably not though). We'll add ability to create custom password policies in the future though.
Inactivity:
Application session inactivity - default is 45 minutes (can be configured)
Yes, you can configure idle timeout for a session. Idle for a session is if there are no app logins or token refreshes
Account inactivity - account inactivity is 30 days default (configurable)