What is a Authentication Policy :
An Authentication Policy binds an Application to a User Group so they can access the application. While creating a new policy, the admin has to
choose the application for which they want to create the new policy along with the User Group they want to attach that policy with.The admins can
also choose if they want to enable Multi-Factor Authentication or Adaptive Authentication for the policy.
In case, multiple policies are created for an application with multiple groups and the user is part of all of these groups then a weight based algorithm
finds the policy with the highest score for the login session. Policies with custom groups are given priority over policies with the DEFAULT group.
The image below shows how the policy works in a login flow.
Few thing to note about policies :
- You can create only one policy for an application with a specific group.
- You can create multiple policies for an application with multiple groups.
You Have to configure the following options while adding a new Policy :
|Application||The application for which you want to add the policy|
|Group Name||The Group with which you want to bind the application.|
|Policy Name||A unique name for the policy so it can be identified from the list of policies.|
|Login Method||The authentication method for Users. You can choose
|Enable 2-Factor Authentication (MFA)||Enable this option if you want to enable MFA on top of the user authentication.
Note: Can be only used with Password as the login method.
|Enable Adaptive Authentication||Enable this option if you want to enable Adaptive Authentication on top of the user authentication. The type of Adaptive Authentication and the Adaptive Authentication Policy has to be configured in this case.
Note. Either MFA or Adaptive Authentication can be enabled in a policy and not both.
- This section allows you to define and assign access policies to all the configured apps. You can add a policy to the required app for
all users or for a specific group of users.
- You can click on Edit to change the existing policy on any app.
- Click on Add Policy. You can also enforce Two factor and adaptive authentication policies for individual.