If you want to reduce the burden of 2fa on your users and also want to add the extra layer of security ,you can do that by configuring adaptive authentication methods. With miniOrange you can set adaptive methods differently for admin and users.
How to Add a new Adaptive Authentication Policy
In this restriction method admin configures a list of IP addresses to allow or deny access on and when a user tries to login into any of the applications configured with adaptive authentication, his IP address is checked against the configured IP list and based on that the action is decided as per the configuration (.i.e. Allow, Deny or Challenge).
How to configure IP Restriction :
In this restriction method admin allow end-users to add a fixed number of devices as Trusted devices for their account(A device here refers to a Browser Session). Once a device is registered for a user, then that user will be allowed to login without any Restriction (This works with all other Restriction methods also). If the users registered Device exceeds the total registered device limit specified by the admin,In that case the user will be either Challenged or Denied as specified in the policy by the admin.
How to configure Device Based Restriction
In this restriction method admin configures a list of locations where we want to allow end-users to either login or deny based on the condition set by the admin. When a user tries to login with adaptive authentication enabled, his Location Attributes such as (Latitude, Longitude and Country Code) are verified against the Location list configured by the admin. And based on this user will be either allowed, challenged or denied.
How to configure Location Based Restriction
In this restriction method admin configures a time zone with Start and End Time’s for that time zone and users are either allowed, denied or challenged based on the condition in the policy. When an end-user tries to login with the adaptive authentication enabled, his time zone related attributes such as Time-Zone and Current System Time are verified against the list configured by the admin and based on the configuration the user is either allowed, denied or challenged.
How to configure Time Based Restriction
|Allow||Allow user to authenticate and use services if Adaptive authentication condition is true.|
|Challenge||Challenege users with one of the three methods mentioned below for verifying user authenticity.|
|Deny||Deny user authentications and access to services if Adaptive authentication condition is true.|
|User second Factor||The User needs to authenticate using the second factor he has opted or assigned for such as
|Security Questions||The System will ask the user for 2 of 3 questions he has configured in his Self Service Console. Only after the right answer to both questions is the user is allowed to proceed further.|
|OTP over Alternate Email||User will recieve a OTP on the alternate email he has configured threw Self Service Conolse. Once user provides the correct OTP he is allowed to proceed further.|
This section handles the notifications and alerts related to Adaptive Authentication.It provides the following options :
|Challenge Completed and Device Registered||Enabling this option allows you to send an email alert when an end-user completes a challenge and registers a device.|
|Challenge Completed but Device Not Registered||Enabling this option allows you to send an email alert when an end-user completes a challenge but do not registers the device.|
|Challenge Failed||Enabling this option allows you to send an email alert when an end-user fails to complete the challenge.|
Need Help? We are right here!