Adding a new Authentication policy.
- Log into your Passly tenant https://(company-name).my.passly.com
- Select Policy Manager.
- Select Authentication.
- Select the Blue + Sign in the bottom right corner.
-
Name the Policy. From here you are going to select one of the following Elements.
-
Users - Users can be triggered by Sign-in, Role membership, Group membership or a specific attribute.
-
Sign In time - This is going to allow for a trigger before or after a specific date/time.
-
Sign In Location - Country, State, City.
-
Sign in IP - Select whether the IP/ Subnet is within the range or outside of a range.
Note: CIDR notations can be used here for ranges.
-
Internal IP - Select whether the Internal IP/ Subnet is within the range or outside of a range.
Note: CIDR notations can be used here for ranges.
-
Sign In Device - Device is trusted or not trusted.
These are the elements you are using to trigger to the authentication requirements.
-
Next we select one of the following Actions for Then and Else statements.
-
Set Allowed Methods - The passwords types that can be accepted.
-
Require 2FA - Which 2FA options are to be used.
-
Set Session Lifetimes - These settings control how long the user will remain logged before they are signed out.
-
Trust Device - Set the requirements to Trust a device.
Trusted devices do not require 2FA each time they are accessed. We are setting an arbitrary time length for users. -
Deny Access
Note: Care should be taken when working with the Authentication policies. We do not recommend changing the Default Authentication policy until you have tested the new policy you wish to use. Applying a bad policy can lock users out of the tenant or an endpoint
Working with the Default Policy
Changing the Default Policy to require all users to use 2FA - https://helpdesk.kaseya.com/hc/en-gb/articles/4407407320849-Changing-the-Default-Policy-to-require-all-users-to-use-2FA
Working with Office 365
Working with Service accounts and Office 365 - https://helpdesk.kaseya.com/hc/en-gb/articles/4407398496529-Working-with-Service-accounts-and-Office-365
Working with a Windows Logon Agent
Adding a Windows Logon Agent - https://helpdesk.kaseya.com/hc/en-gb/articles/4407396797585-Adding-a-Windows-Logon-Agent