Need Help? We are right here!
An Authentication Policy binds an Application to a User Group so they can access the application. While creating a new policy, the admin has to choose the application for which they want to create the new policy along with the User Group they want to attach that policy with.The admins can also choose if they want to enable Multi-Factor Authentication or Adaptive Authentication for the policy.
In case, multiple policies are created for an application with multiple groups and the user is part of all of these groups then a weight based algorithm
finds the policy with the highest score for the login session. Policies with custom groups are given priority over policies with the DEFAULT group.
The image below shows how the policy works in a login flow.
Few thing to note about policies :
You have to configure the following options while adding a new Policy :
|The application for which you want to add the policy
|The Group with which you want to bind the application.
|A unique name for the policy so it can be identified from the list of policies.
|The authentication method for Users. You can choose
|Enable 2-Factor Authentication (MFA)
|Enable this option if you want to enable MFA on top of the user authentication. Note: Can be only used with Password as the login method.
|Enable Adaptive Authentication
|Enable this option if you want to enable Adaptive Authentication on top of the user authentication. The type of Adaptive Authentication and the Adaptive Authentication Policy has to be configured in this case. Note. Either MFA or Adaptive Authentication can be enabled in a policy and not both.