RapidIdentity Administrators' and Users' Guide


Create new policies by clicking the plus icon and remove existing policies by clicking the minus icon. Policies can be prioritized using the up and down arrows and copied. The General tab captures initial configuration options for this policy, as defined below.

Table 60. Authentication Policies - General




Once the configuration options have been determined, click this checkbox to enable the policy. A Policy cannot be saved in the Enabled state until at least one of its Authentication Methods has been Enabled as well.

Is a Forgot Password Policy?

Enable this to allow the particular policy to be used during the Forgot Password? workflow. This will disable the below authentication methods for that workflow.


Once enabled, the Social, Federation, Kerberos, QR Code, or Password Authentication Methods are then disabled and will no longer be available in the list of authentication methods for that policy because they are not valid for this feature.


Name the policy. The policy cannot be saved until it has been named.


Enter an optional description for this policy.

Always Fail

Clicking this checkbox will ensure that any user who matches this authentication policy will never be able to authenticate successfully. This could be used, for example, in conjunction with the Time of Day or Source Network criteria to disallow authentication on weekends or when someone is coming from outside a trusted network.

Insecure QR ID Scans Enabled

When this checkbox is selected, users matching this policy can enter a QR code instead of their username. If the authenticating user's policy requires QR authentication, a valid secure QR code will suffice for the credential and the user will not be prompted for that method later. Insecure QR Codes only provide a username, and the user will then be required to authenticate using another method.

RapidIdentity Portal users able to generate QR Codes can determine whether the printed QR Code is secure or insecure. Ultimately, an insecure QR code may only be used for identification purposes, but a secure QR code may be used for identification as well as an authentication credential.


If at least one enabled authentication policy allows insecure QR Code scans or at least one enabled authentication policy requires QR authentication, the "Scan QR Code" will show up on the initial login page. If the user is on a device that does not support QR scanning (e.g. a desktop computer with no camera), the button will be present but disabled.


Click Save. New policies will be assigned a fixed, unique ID that will be visible next time the policy is viewed.