RapidIdentity Administrators' and Users' Guide

Example Authentication Policy
Password + Pictograph

To better explain the different steps needed to create a new Authentication Policy within RapidIdentity, here is an example policy that could be set up for students. This policy includes the user's password as well as the Pictograph authentication method.

  1. As a System Administrator, navigate to Configuration > Policies > Authentication.

  2. Create a new Authentication Policy by clicking the + beneath the list of authentication policy names. If no Authentication Policies exist yet, click Add Authentication Policy in the top right. In the General tab, enable the policy (click the checkbox next to Enabled) and name it (enter a name in the Name field). For this example, the name is "Example Password + Pictograph." Enter a brief description in the Description field if desired.

  3. Move to the Criteria tab. Use the first subcategory, LDAP Filter, to tell RapidIdentity which users this policy will authenticate. In this example, RapidIdentity is instructed to check that anyone under this policy is an active student: idautoStatus=A for Active status, and employeeType=student to define the type. The & at the beginning of the statement requires both conditions to be true.

    Note

    The syntax of the LDAP Filter must be correct for this to work. If the syntax is not correct, the Open LDAP Builder link will read Fix in LDAP Builder, and you can click that link to enter the information in a slightly different menu.

  4. The second subcategory in the Criteria tab, Day of Week, lets you choose the days on which users are authorized to log in. In this example, we chose only weekdays, as students would likely not need access to the system on weekends. Remember to Enable each subcategory to ensure it applies to the policy.

  5. In the next subcategory, Time of Day, define the hours during which users will be authorized to log in. Since this policy is for active students, this example sets the hours from 7:15am to 4:30pm, which offers some cushion for early and late users but disallows system use during the evenings and early morning.

    Note

    Times are listed in 24-hour format, so 4:30pm is defined as 16 Hours 30 Minutes. The time zone is also listed; if left blank, it will default to the system's time zone.

  6. The last subcategory in the Criteria tab that needs to be populated for this policy is Source Network. This defines the networks from which incoming connections are automatically accepted or refused, based on Whitelist and Blacklist settings. In this example, we have chosen to Whitelist a network that we expect students to use to access the system. Remember to Enable the settings for each subcategory.

  7. Now move from the Criteria tab to the Authentication Methods tab. First, set up the Password authentication requirement; click the checkbox to Enable this function.

    Note

    This example is just a basic on/off selection; you can also choose to Enable Password Expiration and set the number of days before expiration that the user will receive a notification.

  8. Next, we need to Enable the Pictograph authentication method. Switch to that menu and click the checkbox.

    Note

    The other variables in this menu are explained in the Pictograph section of this guide.

  9. Click Save at the bottom of the screen to commit all settings.
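
The four Criteria settings from steps 3 through 6 can be checked against sample logins before relying on the policy. The following is an added example, not RapidIdentity code: it models the criteria in Python to show which setting would exclude a given attempt. The whitelisted network, the inactive status value, and the inclusive window boundaries are assumptions, since the guide does not state them.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Criteria from the example policy. The LDAP filter described in step 3 is
# (&(idautoStatus=A)(employeeType=student)); both attributes must match.
REQUIRED_ATTRS = {"idautoStatus": "A", "employeeType": "student"}
ALLOWED_DAYS = {0, 1, 2, 3, 4}            # Monday=0 .. Friday=4
WINDOW = (time(7, 15), time(16, 30))      # 24-hour format, as in the guide
ALLOWED_NET = ip_network("10.20.0.0/16")  # constructed placeholder network


def failed_criteria(user, when, source_ip):
    """Return the criteria a login attempt fails (empty list = policy applies).

    Assumptions: attribute values compare case-insensitively, the time window
    is inclusive at both ends, and `when` is already in the policy's time zone.
    """
    failed = []
    for attr, want in REQUIRED_ATTRS.items():
        values = [v.lower() for v in user.get(attr, [])]
        if want.lower() not in values:
            failed.append("LDAP Filter")
            break
    if when.weekday() not in ALLOWED_DAYS:
        failed.append("Day of Week")
    if not (WINDOW[0] <= when.time() <= WINDOW[1]):
        failed.append("Time of Day")
    if ip_address(source_ip) not in ALLOWED_NET:
        failed.append("Source Network")
    return failed


if __name__ == "__main__":
    student = {"idautoStatus": ["A"], "employeeType": ["student"]}
    inactive = {"idautoStatus": ["I"], "employeeType": ["student"]}  # "I" is constructed
    attempts = [  # constructed sample logins
        (student, datetime(2024, 3, 4, 7, 15), "10.20.5.9"),    # Monday, window start
        (student, datetime(2024, 3, 4, 16, 31), "10.20.5.9"),   # one minute past the end
        (student, datetime(2024, 3, 9, 10, 0), "10.20.5.9"),    # Saturday
        (student, datetime(2024, 3, 5, 10, 0), "192.0.2.44"),   # outside the whitelist
        (inactive, datetime(2024, 3, 5, 10, 0), "10.20.5.9"),   # status not Active
    ]
    for user, when, ip in attempts:
        print(when, ip, failed_criteria(user, when, ip) or "matches policy")
```

A user who fails any enabled criterion is not covered by this policy, so confirm that another policy exists for the cases you intend to allow, such as staff or off-hours access.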