About Policy Precedence

Precedence is how AuthPoint determines which authentication policy to use when multiple policies could apply to a user authentication. When two policies conflict, the order of your authentication policies determines precedence. To determine whether a user can access a resource and how they authenticate, AuthPoint uses the highest policy in the list that matches the conditions of the authentication.

The conditions of the authentication include:

  • The resource the user authenticates to.
  • The AuthPoint groups the user is a member of.
  • The time of the authentication (for time schedules).
  • The user's IP address (for network locations).

Policies with network locations only apply to user authentications that originate from that network location. If the authentication request does not contain the origin IP address, the policy does not apply.

In the example below, if a user is a member of both the Support group and the Sales group, the policies for their groups conflict.

  • The Support policy requires a password and an OTP to log in to Salesforce.
  • The General policy requires a password and a push to log in to Salesforce.

In this example, when a user that is a member of both the Support group and the Sales group logs in to Salesforce, the Support policy applies because it is the highest policy that matches the conditions of the authentication.

Set Policy Precedence

When two policies conflict, the order of your authentication policies determines precedence.

To change the order of policies in the list, you can:

  • Drag a policy to move it
  • Type a number in the Order column

You are prompted to confirm your changes when you reorder your policies.

See Also

About AuthPoint Authentication Policies