Add an Authentication Policy

Before you begin

If your policy depends on another SOTI Identity component, such as setting up an authentication factor, complete that process before you add a policy.

About this task

Create a policy that authenticates a user's identity when they log in to SOTI Identity.

Procedure

  1. In the SOTI Identity console, open the main menu and select Policies.
  2. Select New Policy > Authentication. The New Authentication Policy wizard opens.
  3. Enter a name for the policy.
  4. Select Add to set up multi-factor authentication (MFA). Choose at least one authentication factor from the list.
    Note: If you add multiple authentication factors, users can choose which one to use to log in to SOTI Identity.
  5. Select Next.
  6. Optional: In the Conditions tab, configure conditions that apply to this policy.

    1. To exclude users based on their IP address, turn on the IP Address toggle and enter an IP address. You can also exclude a range of IP addresses: choose IP Range from the list and then enter the range limits. Select Add to add more addresses or ranges.
      Users accessing SOTI Identity from a specified IP address or from within a specified IP address range are not subject to MFA.
      Note: IP addresses must be in IPv4 format. IPv6 is not supported.
    2. To enforce MFA when a user logs in from a different location, turn on the Location toggle. When enabled, SOTI Identity reviews the location of the user’s login and compares it with the last login location. If the location is different, MFA applies before login.
    3. To enforce MFA based on a travel velocity calculation, turn on the Velocity toggle. When enabled, SOTI Identity compares the last login location and time to the new one. If reaching the new login location within the given time is physically impossible, MFA applies before login.
  7. Select Next.
  8. In the Assign Policy tab, select the users and user groups that this policy applies to.
    1. Choose SOTI Identity or External Directory.
      You can add both local SOTI accounts and external directory accounts to the same policy.
    2. Under Assigned User Groups, select Add to open a menu where you can add users (directory only) or user groups.
      When you add directory users and user groups, you also need to specify a directory connection.
  9. Select Add to save the policy.
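
The IP exclusion and velocity conditions from step 6 can be modelled offline to reason about which logins a policy would exempt or challenge. The following Python is an added example, not SOTI's code: the function names, the 900 km/h speed limit, inclusive range limits, the handling of non-positive time gaps and the sample data are all assumptions.

```python
import ipaddress
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0    # assumed threshold (about airliner cruise speed)
EARTH_RADIUS_KM = 6371.0

def ip_excluded(ip, exclusions):
    """True if ip matches an exclusion: an IPv4 string or a (low, high) range tuple."""
    try:
        addr = ipaddress.IPv4Address(ip)
    except ipaddress.AddressValueError:
        return False  # IPv6 or malformed input never matches an IPv4-only list
    for entry in exclusions:
        low, high = (entry, entry) if isinstance(entry, str) else entry
        # Assumption: range limits are inclusive.
        if ipaddress.IPv4Address(low) <= addr <= ipaddress.IPv4Address(high):
            return True
    return False

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points in degrees."""
    (lat1, lon1), (lat2, lon2) = a, b
    h = (sin(radians(lat2 - lat1) / 2) ** 2
         + cos(radians(lat1)) * cos(radians(lat2)) * sin(radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))

def travel_impossible(prev_loc, prev_time, new_loc, new_time, max_kmh=MAX_SPEED_KMH):
    """True if covering the distance between the two logins would exceed max_kmh."""
    km = distance_km(prev_loc, new_loc)
    hours = (new_time - prev_time).total_seconds() / 3600
    if hours <= 0:
        return km > 0  # simultaneous or out-of-order logins from different places
    return km / hours > max_kmh

# Constructed sample data (documentation-range IPs, approximate city coordinates).
EXCLUSIONS = ["203.0.113.10", ("198.51.100.1", "198.51.100.50")]
TORONTO, LONDON, MONTREAL = (43.65, -79.38), (51.51, -0.13), (45.50, -73.57)
T0 = datetime(2024, 1, 1, 9, 0)

if __name__ == "__main__":
    print(ip_excluded("198.51.100.50", EXCLUSIONS))   # upper range limit
    print(ip_excluded("2001:db8::1", EXCLUSIONS))     # IPv6 client
    print(travel_impossible(TORONTO, T0, LONDON, T0 + timedelta(hours=2)))
    print(travel_impossible(TORONTO, T0, MONTREAL, T0 + timedelta(hours=2)))
```

Because the exclusion list is IPv4-only, a client that connects over IPv6 can never match it and is always subject to the policy's MFA.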

Results

The new policy is immediately active and applies the next time a user logs in to a SOTI ONE app.

You can edit or delete policies at any point.