AuthX Portal Guide

Policies

(Role Required: Owner, Administrator, Application Manager, Help Desk)

Policies can be assigned to applications to lower risk.

Default Global Policies

Policies are rules that can be customized to suit an application or a set of users. Every company has a default global policy. This policy cannot be made inactive, but it can be edited. The default global policy is applied to all users and applications if no other custom policy is assigned. There can be only one global policy. The global policy should have the following settings:

  1. Policy Name: Default Global Policy

  2. AD Domain: No Restrictions

  3. Email Domain: No Restrictions

  4. Operating Systems: No Restrictions

  5. Browsers: No Restrictions

  6. Anonymous Networks: No Restrictions

Policy Components

  1. Policy Name

    1. Policy Name is unique within a company. The administrator names a newly created policy in this field.

    2. This field is mandatory to create a policy.

  2. Status

    1. Status for a policy can be set as Active or Inactive.

    2. Every policy by default is active.

    3. A policy whose status is inactive cannot be assigned to any applications.

    4. If a policy is already assigned to an application, then the policy cannot be set to inactive.

  3. AD Domain

    1. Certain Active Directory Domains can be either allowed or blocked.

    2. Multiple domains can be allowed or blocked.

    3. By default, all the AD Domains are allowed.

    4. When a user tries to authenticate with a blocked AD Domain, the user is not allowed to authenticate and sees a message in the pop-up saying: “Policy Failed.”

  4. Email Domain

    1. Email Domain can be either allowed or blocked.

    2. Multiple email domains can be allowed or blocked.

    3. By default, all the email domains are allowed.

    4. When a user tries to authenticate with a blocked email domain, the user is not allowed to authenticate and sees a message in the pop-up saying: “Policy Failed.”

  5. Operating Systems

    1. Operating systems that will be checked against are Windows and Mac.

    2. The admin is given the option to either allow all versions or block all versions of the OS.

    3. By default, all versions of the OS are allowed.

    4. When a user tries to authenticate with a version of Windows or Mac that is blocked, the user sees a message in the pop-up saying: “Policy Failed.”

  6. Mobile Operating Systems

    1. Mobile OS that will be checked against are Android and iOS.

    2. The admin is given the option to either allow all versions or block all versions of the mobile OS.

    3. If Latest Version of Mobile OS has been enabled in the company’s mobile settings, then the mobile OS component is determined by the company’s mobile settings only and not by the policy.

    4. By default, the company’s mobile settings are enforced if that is enabled; otherwise all versions of the mobile OS are allowed.

  7. When a user tries to authenticate with a version that is blocked or is not the latest version, the user sees a message in the pop-up saying: “Policy Failed.” A user might see this message when trying to use push to authenticate.

  8. Browsers

    1. The Browsers component lists all browser types. If a browser is checked, that browser will be blocked.

    2. By default, all the browsers are allowed.

    3. When a user tries to authenticate with a browser that is blocked, the user sees a message in the pop-up saying: “Policy Failed.”

  9. Anonymous Networks

    1. Anonymous networks such as proxies, Tor or VPN can be allowed or blocked by the admin.

    2. By default, all the anonymous networks are allowed.

    3. When a user tries to authenticate on a blocked network, the user sees a message in the pop-up saying: “Policy Failed”

  10. IP Range

    1. An IP range or a single IP address can be allowed or blocked.

    2. Multiple IP ranges or IP addresses can be allowed or blocked.

    3. By default, all IP ranges are allowed.

    4. When a user tries to authenticate with a blocked IP address, the user sees a message in the pop-up saying: “Access is not allowed because your IP address is blocked by your company’s policy.”

  11. User Location

    1. The user's location is obtained through a country lookup on the IP range of the user. A country can be allowed or blocked.

    2. By default, all countries are allowed.

    3. When a user tries to authenticate from a blocked country, the user sees a message in the pop-up saying: “Access is not allowed because your country is blocked by your company’s policy.”

  12. Authentication Factor

    1. By default, all authentication factors are enabled.

    2. The user can enable or disable the authentication factors here.

    3. Disabled authentication factors should not be displayed on the Confirm your identity screen.
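
To reason about which message a user will see before assigning a policy, the block-side checks from Policy Components can be modeled as below. This is an added illustration, not AuthX code: the field names, the `evaluate` function and the order of the checks are assumptions, and the sample values are constructed.

```python
# Added illustration: a minimal model of the block-side policy checks.
# Not AuthX code; field names and check order are assumptions.
import ipaddress
from dataclasses import dataclass, field

POLICY_FAILED = "Policy Failed."
IP_BLOCKED = ("Access is not allowed because your IP address is blocked "
              "by your company’s policy.")
COUNTRY_BLOCKED = ("Access is not allowed because your country is blocked "
                   "by your company’s policy.")

@dataclass
class Policy:
    name: str = "Default Global Policy"
    # Empty block lists correspond to "No Restrictions".
    blocked_email_domains: set = field(default_factory=set)  # lowercase
    blocked_browsers: set = field(default_factory=set)
    block_anonymous_networks: bool = False
    blocked_ip_ranges: list = field(default_factory=list)  # CIDR or single IP
    blocked_countries: set = field(default_factory=set)  # country codes

def evaluate(policy, email, browser, ip, country, anonymous_network):
    """Return (allowed, message) for one authentication attempt."""
    addr = ipaddress.ip_address(ip)
    for entry in policy.blocked_ip_ranges:
        # strict=False lets a single IP and a CIDR range share one code path.
        if addr in ipaddress.ip_network(entry, strict=False):
            return False, IP_BLOCKED
    if country.upper() in policy.blocked_countries:
        return False, COUNTRY_BLOCKED
    domain = email.rsplit("@", 1)[-1].lower()
    if (domain in policy.blocked_email_domains
            or browser in policy.blocked_browsers
            or (anonymous_network and policy.block_anonymous_networks)):
        # These components share the generic pop-up message.
        return False, POLICY_FAILED
    return True, ""

if __name__ == "__main__":
    # Constructed sample policy and attempts (documentation IP ranges).
    strict = Policy(name="Strict", blocked_email_domains={"example.org"},
                    blocked_ip_ranges=["203.0.113.0/24", "198.51.100.7"],
                    blocked_countries={"ZZ"}, block_anonymous_networks=True)
    print(evaluate(Policy(), "a@example.com", "Chrome", "203.0.113.9", "US", True))
    print(evaluate(strict, "a@example.com", "Chrome", "203.0.113.9", "US", False))
    print(evaluate(strict, "a@example.org", "Chrome", "192.0.2.1", "US", False))
```

Only the IP Range and User Location components return a specific reason; every other blocked component produces the same generic message, so help desk staff need the policy definition to tell them apart.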