Access policies are added to AuthPoint groups to specify which resources users in that group can authenticate to and which authentication methods they can use (Push, QR code, and OTP). For each resource, you add an access policy to the groups that can authenticate to access that resource.
You can add multiple access policies to each group (one for each resource).
Assign Access Policies for Resources
Once you have added and configured resources in AuthPoint, you must add access policies for those resources to each group can authenticate to those resources.
To assign access policies, in the AuthPoint management UI:
- From the AuthPoint navigation menu, select Groups.
- Click the Name of your group.
- In the Access Policy section, click Add Policy.
- In the Add Policy dialog box, from the Resource drop-down list, select the resource you want to require authentication for.
- (Optional) To require that users type their password before they authenticate for this resource, select the Require Password Authentication slider.
- Access policies for an Office 365 resource have a Basic Authentication option (also called Enhanced Client or Proxy). Select the Basic Authentication slider if you require authentication for a resource that cannot use MFA.
- Select which authentication options users in this group can choose from when they authenticate. For more information about authentication methods, see About Authentication.
For RADIUS client resources, you can only choose OTP or push. RADIUS client resources cannot use the QR code authentication option.
For SAML resources, if you select more than one authentication option, users must choose one of the available options when they authenticate. For example, if you select OTP and Push users can choose whether to type their OTP or approve a push to authenticate, but you cannot require that they do both.
- Click Add.
The Add Policy dialog box closes.
- (Optional) Repeat the previous steps to add access policies for additional resources to the group.
- Click Save.
To edit the access policy for a specific resource, click the resource name to open the Edit Policy dialog box. From there, you can change which authentication methods are allowed for the resource and whether a password is required.