MFA Guides

Edit Policy

The Edit Policy dialog allows administrators to define global policies for a specific FQDN associated with RapidIdentity Server.

After selecting the desired configurations, click Save to apply them, or click Cancel to discard them.

Each configuration option is summarized in the corresponding tables below.

Table 38. Edit Policy

Method

Description

Logon Experience

Logon Experience defines the logon tile options a user will be presented with in Windows logon and SharedWorkstation. Only the boxes checked will be displayed.

Disable Username & Password Tile

Disable Username & Password Tile defines whether or not the Username and Password tile is displayed. The options are: Never, Only at Logon, At Logon & Unlock Screens, and Only at Unlock Screen.

Emergency Access

Emergency Access defines the options available after successfully authenticating using the Emergency Access method. Only the options checked will be displayed.

RapidIdentity Windows Logon

RapidIdentity Windows Logon determines whether the RapidIdentity credential providers defined in Logon Experience will be displayed at Windows Logon. Disabling this setting will prevent all RapidIdentity logon methods from being available for Windows Logon.

PingMe Requires User Password

PingMe Requires User Password determines whether users of the PingMe authentication method must also use their password.

Force dropdown to default to this domain

This option allows administrators to determine which of the possible authentication domains displays first in the dropdown menu.

Allow users to update their password through the client

Administrators can choose to have this option enabled or disabled.

Allow the enrollment tile to create new users in server

Administrators can choose to have this option enabled or disabled.

Risk Based Authentication

Risk Based Authentication defines whether a user will be prompted to use Advanced Authentication to log on to their Windows profile. Advanced Authentication is any logon option other than username and password. When Risk Based Authentication (RBA) triggers, the workstation will be locked, and the username and password logon option will not be available.

RBA Token Expiration (in days)

RBA Token Expiration (in days) defines the period of time that can pass before a user is required to use advanced authentication to log on. For example, if RBA Token Expiration is set to 10 days, a user will be required to use advanced authentication once at logon, then will not be prompted again for 10 days. During that period they can use Username and Password. Each time Advanced Authentication is used, the expiration counter resets.

RBA VPN Override

RBA VPN Override defines whether or not administrators will allow RBA to be disabled to allow a VPN connection. Once a VPN connection is established, RBA will prompt for advanced authentication.

RBA Show Password Only First

RBA Show Password Only First requires initial logon using username and password exclusively; then, if enabled, RBA triggers and requires the user to use advanced authentication to continue the logon process.

RBA Show Notification

RBA Show Notification will notify the user logging in if RBA is needed.

RBA PIN Expiration Timeout

Administrators can enter the value to match the RBA PIN Expiration Type.

RBA PIN Expiration Type

Administrators can choose either days, hours, minutes, or seconds as the configuration unit.
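
The RBA Token Expiration rule from the table above can be checked against a logon timeline before a value is chosen. The following is an added example, not RapidIdentity code: it models the rule as the table states it and replays constructed logon events to show how each advanced authentication resets the counter. The function name, event format, the treatment of a user with no prior advanced authentication, and the handling of a logon at the exact expiry instant are assumptions.

```python
from datetime import datetime, timedelta

def replay_logons(events, expiration_days):
    """Replay (timestamp, method) logons against the RBA token rule.

    method is "password" or "advanced" (any non-password logon option).
    Returns (timestamp, method, outcome) tuples, where outcome is
    "allowed" or "advanced_required".
    """
    window = timedelta(days=expiration_days)
    token_expires = None  # assumption: no token before the first advanced logon
    results = []
    for ts, method in sorted(events, key=lambda e: e[0]):
        if method == "advanced":
            # Each advanced authentication resets the expiration counter.
            token_expires = ts + window
            outcome = "allowed"
        elif token_expires is not None and ts < token_expires:
            # Inside the window, username and password is still accepted.
            outcome = "allowed"
        else:
            # Assumption: a logon at the exact expiry instant counts as expired.
            outcome = "advanced_required"
        results.append((ts, method, outcome))
    return results

# Constructed sample timeline (not real log data).
START = datetime(2024, 1, 1, 8, 0)
SAMPLE_EVENTS = [
    (START, "password"),                                   # no token yet
    (START + timedelta(minutes=1), "advanced"),            # starts the window
    (START + timedelta(days=4), "password"),
    (START + timedelta(days=9), "advanced"),               # resets the window
    (START + timedelta(days=15), "password"),              # covered by the reset
    (START + timedelta(days=19), "password"),              # exactly at expiry
    (START + timedelta(days=25), "password"),
]

if __name__ == "__main__":
    for ts, method, outcome in replay_logons(SAMPLE_EVENTS, 10):
        print(f"{ts:%Y-%m-%d %H:%M}  {method:<9} {outcome}")
```

With a 10-day setting, the day 15 password logon is accepted only because of the advanced authentication on day 9. Replaying the same timeline with a shorter value shows where password-only logons start being refused.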