Adding an Authentication Policy

Adding a new Authentication policy.

  1. Log into your Passly tenant https://(company-name).my.passly.com
  2. Select Policy Manager.
    e8aa74c6-7e29-46d4-ab2f-f84d7c5c3264.png
  3. Select Authentication.
    279a155f-1e65-4d9e-a888-05daca37b1cf.png
  4. Select the Blue + Sign in the bottom right corner.
    912663a2-21a9-4e9d-9122-7217c71f400e.png
  5. Name the Policy. From here you are going to select one of the following Elements.
    483502ad-2301-4f4f-8862-6cebac4b818c.png
  6. Users - Users can be triggered by Sign-in, Role membership, Group membership or a specific attribute.
    8501f003-9916-4574-b7da-f21c5a81e58f.png
  7. Sign In time - This is going to allow for a trigger before or after a specific date/time.
    e6dc2cac-583f-4ba0-a24d-dea762a3a9e4.png
  8. Sign In Location - Country, State, City.
    ac3df1a6-2923-4abd-b752-752670a1e528.png
  9. Sign in IP - Select whether the IP/ Subnet is within the range or outside of a range.
    Note: CIDR notations can be used here for ranges.
    a89ede99-f214-4bdc-a09e-10536674e745.png
  10. Internal IP - Select whether the Internal IP/ Subnet is within the range or outside of a range.
    Note: CIDR notations can be used here for ranges.
    a89ede99-f214-4bdc-a09e-10536674e745.png
  11. Sign In Device - Device is trusted or not trusted.
    7301a9d0-1fb1-4347-8ab2-20718f426e44.png

These are the elements you are using to trigger to the authentication requirements.

  1. Next we select one of the following Actions for Then and Else statements.
    df9c9f95-41ba-4f24-9bda-34a5b97743cd.png
  2. Set Allowed Methods - The passwords types that can be accepted.
    7c222d7d-c1cf-42d3-95ee-d7c9decb681c.png
  3. Require 2FA - Which 2FA options are to be used.
    a33e7f09-7eab-494d-bfe2-fe9b3d02e23f.png
  4. Set Session Lifetimes - These settings control how long the user will remain logged before they are signed out.
    2ab9b258-f066-4186-9a53-be15ea0cbb32.png
  5. Trust Device - Set the requirements to Trust a device. a1cc8973-3da6-4b08-9485-6f7dd7e554ed.png
    Trusted devices do not require 2FA each time they are accessed. We are setting an arbitrary time length for users.
  6. Deny Access
    ae038a3f-de77-4420-82e4-e99d536b99ce.png
    Note: Care should be taken when working with the Authentication policies. We do not recommend changing the Default Authentication policy until you have tested the new policy you wish to use. Applying a bad policy can lock users out of the tenant or an endpoint

Working with the Default Policy

Changing the Default Policy to require all users to use 2FA - https://helpdesk.kaseya.com/hc/en-gb/articles/4407407320849-Changing-the-Default-Policy-to-require-all-users-to-use-2FA  

Working with Office 365

Working with Service accounts and Office 365 - https://helpdesk.kaseya.com/hc/en-gb/articles/4407398496529-Working-with-Service-accounts-and-Office-365  

Working with a Windows Logon Agent

Adding a Windows Logon Agent - https://helpdesk.kaseya.com/hc/en-gb/articles/4407396797585-Adding-a-Windows-Logon-Agent  

 

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section