VIP Policy Configuration
Authentication Level Policy
You can create authentication levels for VIP Login. Authentication levels are groups of policy options that define what authentication method is available to a user when that user logs into a specific resource. Each level addresses a different security scenario, and is ranked from 1 (least strict) to 10 (most strict). For example, for most of your users, define a level that allows them to authenticate with a security code generated by any credential. For users or groups with sensitive access, define a level that requires them to authenticate only with a security code received out-of-band through an SMS or voice message. For both or either of these authentication levels, you can restrict users from using temporary security codes when authenticating.
When users attempt to sign in to a resource, your website identifies the authentication method the users must use. VIP Login enforces that requirement, and users must sign in with that authentication method. If a user attempts to authenticate using a method that is not defined for the authentication level, authentication fails.
Typically, your organization’s regulatory or audit compliance requirements drive the levels you create.
To define your authentication levels:
You can create authentication levels for VIP Login. Authentication levels are groups of policy options that define what authentication method is available to a user when that user logs into a specific resource. Each level addresses a different security scenario, and is ranked from 1 (least strict) to 10 (most strict). For example, for most of your users, define a level that allows them to authenticate with a security code generated by any credential. For users or groups with sensitive access, define a level that requires them to authenticate only with a security code received out-of-band through an SMS or voice message. For both or either of these authentication levels, you can restrict users from using temporary security codes when authenticating.
When users attempt to sign in to a resource, your website identifies the authentication method the users must use. VIP Login enforces that requirement, and users must sign in with that authentication method. If a user attempts to authenticate using a method that is not defined for the authentication level, authentication fails.
Typically, your organization’s regulatory or audit compliance requirements drive the levels you create.
To define your authentication levels:
| Select Policies in the navigation bar at the top of the page. | |
| Select Authentication level in the secondary navigation bar at the top of the page. | |
| Define your authentication levels. |