Policies Guide

Overview

Policies are a set of rules that can be applied to a group of users during authentication. Policies work exclusively with Applications; for more information, see the Applications Guide.

Upgrade your connectors

See the Applications Connector Upgrade Guide page for more information about how to upgrade your connectors to use Applications.

Types

Policies allow administrators to dictate how and when users authenticate for a particular policy. There are three types of policies:

Organization Policy

The Organization Policy applies to the entire LoginTC Organization and is the default Policy when Application Policy and Group Policies are not present.

Application Policy

The Application Policy applies to all users authenticating to an Application. It overrides the Organization Policy.

Group Policy

The Group Policy applies to a specific group of users authenticating to an Application. It overrides both the Organization Policy and the Application Policy. Group Policies are applied in priority order. If a user is part of multiple groups, then the first Group Policy found will be the one applied.
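
The precedence described above, worked through as an added example (this is not LoginTC code and does not use the LoginTC API; the class names, field names and method labels are hypothetical). It resolves the effective policy for a user and lists Group Policies that the user matches but that a higher-priority match hides, which is how a user in both a strict and a permissive group can end up on the permissive one.

```python
# Added illustration of the precedence rules; not LoginTC code.
# Class, field and method-label names are hypothetical.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    name: str
    methods: frozenset  # permitted authentication methods (labels constructed)


@dataclass
class Application:
    name: str
    application_policy: Optional[Policy] = None
    # (group, policy) pairs, highest priority first
    group_policies: List[Tuple[str, Policy]] = field(default_factory=list)


def effective_policy(org_policy, app, user_groups):
    """Return (policy, source) applied to a user authenticating to `app`."""
    groups = set(user_groups)
    for group, policy in app.group_policies:  # first Group Policy found wins
        if group in groups:
            return policy, "group:" + group
    if app.application_policy is not None:  # overrides the Organization Policy
        return app.application_policy, "application"
    return org_policy, "organization"


def shadowed_group_policies(app, user_groups):
    """Group Policies the user also matches but that never get applied."""
    groups = set(user_groups)
    return [(g, p) for g, p in app.group_policies if g in groups][1:]


# Constructed sample data.
ORG = Policy("Org default", frozenset({"push", "software_otp", "sms_otp"}))
VPN = Policy("VPN baseline", frozenset({"push", "software_otp"}))
CONTRACTORS = Policy("Contractors", frozenset({"sms_otp", "bypass_codes"}))
ADMINS = Policy("Admins", frozenset({"push_number_matching", "hardware_token"}))
vpn_app = Application("VPN", VPN, [("contractors", CONTRACTORS), ("admins", ADMINS)])

if __name__ == "__main__":
    user = ["admins", "contractors"]
    policy, source = effective_policy(ORG, vpn_app, user)
    print(source, sorted(policy.methods))
    print("shadowed:", [g for g, _ in shadowed_group_policies(vpn_app, user)])
```

Checking for shadowed matches before saving a priority order shows which users would land on a less restrictive Group Policy than intended.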

Managing

Create a Policy

To create a new Policy:

  1. Log in to LoginTC Admin
  2. Click Policies
  3. Click + Create Policy
  4. Enter a Name and select desired policies
  5. Click Create

Edit a Policy

To edit an existing Policy:

  1. Log in to LoginTC Admin
  2. Click Policies
  3. Click the desired Policy
  4. Perform desired edits
  5. Click Save

Edit the Organization Policy

To edit the Organization Policy:

  1. Log in to LoginTC Admin
  2. Click Policies
  3. Under the Organization Policy section, click Edit
  4. Perform desired edits
  5. Click Save

Applying to an Application

Policies can be applied to an Application as an Application Policy or a Group Policy. The Organization Policy is the default Policy applied when no other policies are present.

Apply an Application Policy

To apply an Application Policy:

  1. Log in to LoginTC Admin
  2. Click Applications
  3. Click the desired Application
  4. Under the Application Policy section, click Apply Application Policy
  5. Select the desired Application Policy from the dropdown
  6. Click Apply

Apply a Group Policy

To apply a Group Policy:

  1. Log in to LoginTC Admin
  2. Click Applications
  3. Click the desired Application
  4. Under the Group Policy section, click Apply Group Policy
  5. Select the desired Group Policy from the dropdown
  6. Select the desired Group(s); more than one Group can be selected
  7. Click Apply

Edit Group Policy priority order

To edit Group Policy priority order:

  1. Log in to LoginTC Admin
  2. Click Applications
  3. Click the desired Application
  4. Under the Group Policy section, click Edit Priority Order
  5. Drag and drop Group Policies in the desired priority order
  6. Click Save Priority Order

Policy Settings

Policy Details

Specify a name and a description for organizing your LoginTC policies.

| Property | Explanation |
|---|---|
| Name | The name of the policy. This name will appear throughout the Admin Panel and in particular on the Applications policy management pages. |
| Description | A short description of this policy |

Authentication Methods

Dictate which authentication methods are permitted for use.

| Authentication Method | Explanation |
|---|---|
| LoginTC Push | Allow users to authenticate with push-based authentication to their LoginTC app |
| Push Number Matching | When available, the user must match a displayed number when approving a request |
| Software One-time Password (OTP) | Allow users to authenticate with the software OTP token displayed in the LoginTC app |
| Passcode Grids | Allow users to authenticate with a passcode grid |
| Hardware Tokens | Allow users to authenticate with a hardware token associated with them |
| U2F Tokens | Allow users to authenticate with a U2F token associated with them |
| Email One-time Password (OTP) | Allows users to authenticate with One-time Passwords (OTP) emailed to them |
| SMS One-time Password (OTP) | Allows users to authenticate with One-time Passwords (OTP) sent to them via SMS text messages |
| Phone Call | Allows users to authenticate by receiving a phone call |
| Bypass Codes | Allow users to authenticate using bypass codes in case they lose their 2nd factor device |

Iframe Display

Control how the LoginTC iframe authentication window is displayed to users.

| Property | Explanation |
|---|---|
| Normalize Iframe | When using iframe-based authentication, only show options that are enabled |
| Iframe Logo | What logo to display in the top portion of the iframe window. The options are Default, Domain Image and Disabled. |
| Languages | Select which language options are shown in the iframe. The options are English, French and German |

Time of Day

Enforce policy based on time of day.

Geo-Location

Enforce policy based on the location of the user's access device. LoginTC retrieves geo-location information from the user's access device IP address when available. If the IP address is reserved, a local address, or unknown, then the location will simply be unknown.

Geo-Velocity

Enforce policy based on the change in location of the user's access device between subsequent logins. LoginTC retrieves geo-location information from the user's access device IP address when available.

LoginTC App

Specify which LoginTC Apps are permitted for authentication. When unchecked, LoginTC Push, Software One-Time Password (OTP) and Offline QR Scan based authentication will be disabled. Future and existing tokens cannot be used for authentication.

Remembered Devices

Enforce policy to allow a Windows device to be remembered for a specified duration until the user signs out of their machine, reboots, logs in offline or changes networks. This feature applies to console unlock logons.

Remembered Devices also works offline when Offline Authentication is enabled and configured.

Offline Authentication

Specify offline authentication behaviour. Settings take effect the next time the user logs in online to the LoginTC Windows Logon Connector.

| Property | Explanation |
|---|---|
| Offline QR Scan Authentication | Allow users to authenticate using offline QR Scan |
| Offline Bypass Codes | Allow users to authenticate using offline bypass codes. Allow up to a certain number of issued codes. Codes are regenerated each time the user logs in online |
| Passcode Grids | Allow users to authenticate with a passcode grid |
| Offline Days Limit | Allow users to log in up to a certain number of days when offline |
| Successful Offline Login Limit | Allow users to log in a certain number of times when offline |
| Invalid Offline Login Limit | Limit invalid login attempts when offline |

Troubleshooting

Need help? Please see our Help Page (Knowledge Base) or contact us directly at support@cyphercor.com.