Before you begin
If your policy depends on another SOTI Identity component, such as setting up an authentication factor, complete that process before you add a policy.
About this task
Create a policy that authenticates a user's identity when they log in to SOTI Identity.
Procedure
- In the SOTI Identity console, open the main menu and select Policies.
- Select . The New Authentication Policy wizard opens.
- Enter a name for the policy.
- Select Add to set up Multi Factor Authentication (MFA). Choose at least one authentication factor from the list.
  Note: If you add many authentication factors, users can choose which one to use to log in to SOTI Identity.
- Select Next.
- Optional: In the Conditions tab, configure conditions that apply to this policy.
  - To exclude users based on their IP address, turn on the IP Address toggle and enter an IP address. You can also exclude IP addresses within a range. Choose IP Range from the list and then enter the range limits. Select Add to add more addresses or ranges.
    Users accessing SOTI Identity from a specified IP address or within the IP address range are not subject to multifactor authentication.
    Note: IP addresses must be in IPv4 format. IPv6 is not supported.
  - To enforce MFA when a user logs in from a different location, turn on the Location toggle. When enabled, SOTI Identity reviews the location of the user's login and compares it with the last login location. If the location is different, MFA applies before login.
  - To enforce MFA based on a travel velocity calculation, turn on the Velocity toggle. When enabled, SOTI Identity compares the last login location and time to the new one. If reaching the new login location within the given time is physically impossible, MFA applies before login.
- Select Next.
- In the Assign Policy tab, select the user and user groups that this policy applies to.
  - Choose SOTI Identity or External Directory.
    You can add both local SOTI accounts and external directory accounts to the same policy.
  - Under Assigned User Groups, select Add to open a menu where you can add users (directory only) or user groups.
    When you add directory users and user groups, you also need to specify a directory connection.
- Select Add to save the policy.
Results
The new policy is immediately active and applies the next time a user logs in to a SOTI ONE app.
You can edit or delete policies at any point.
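
To reason about how the IP Address, Location and Velocity conditions interact before you enable them, the following added example models them in Python. It is not SOTI Identity's implementation. The function and class names, the speed and distance thresholds, and the choice to check the IP exclusion first are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0   # assumption: about airliner cruise speed, not a SOTI value
SAME_PLACE_KM = 50.0    # assumption: logins closer than this count as the same location

@dataclass
class Login:
    ip: str
    lat: float
    lon: float
    time: datetime

def ip_excluded(ip, addresses=(), ranges=()):
    """True if ip is a listed IPv4 address or falls inside a listed (low, high) range."""
    try:
        addr = ipaddress.IPv4Address(ip)
    except ipaddress.AddressValueError:
        return False  # IPv6 or malformed input never matches an exclusion
    v4 = ipaddress.IPv4Address
    return any(addr == v4(a) for a in addresses) or any(
        v4(lo) <= addr <= v4(hi) for lo, hi in ranges)

def distance_km(a, b):
    """Great-circle (haversine) distance between two logins, in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def mfa_reasons(prev, new, addresses=(), ranges=(), location=True, velocity=True):
    """Return which enabled conditions require MFA for `new`; [] means none do."""
    if ip_excluded(new.ip, addresses, ranges):
        return []  # excluded source address: not subject to MFA
    km = distance_km(prev, new)
    hours = (new.time - prev.time).total_seconds() / 3600
    reasons = []
    if location and km > SAME_PLACE_KM:
        reasons.append("location")
    if velocity and km > SAME_PLACE_KM and (hours <= 0 or km / hours > MAX_SPEED_KMH):
        reasons.append("velocity")
    return reasons

# Constructed sample logins (documentation IP ranges, approximate city coordinates).
toronto = Login("198.51.100.7", 43.65, -79.38, datetime(2024, 5, 1, 9, 0))
ottawa = Login("198.51.100.9", 45.42, -75.70, datetime(2024, 5, 1, 14, 0))
singapore = Login("192.0.2.44", 1.35, 103.82, datetime(2024, 5, 1, 11, 0))
office = Login("203.0.113.10", 1.35, 103.82, datetime(2024, 5, 1, 11, 0))
```

In this model a login from an excluded range returns no reasons even when it would otherwise trip both the Location and Velocity conditions, which is why exclusion ranges are best kept as narrow as possible.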