LogMeOnce Adaptive Multi-Factor Authentication (MFA) is a comprehensive, risk-based engine that enables IT administrators, to define security policies on how to handle internal, external, or partner connection requests. Policies are based on risk profiles and can trigger the need for additional authentication or provision of a limited set of applications.
As an administrator you can set a policy by following these simple steps:
1. Go to Adaptive Authentication from the smart menu.
2. Start adding a policy by clicking on the Add Policy button. If you already have a few policies this button will be present on the top right of the page.
3. Name the policy and proceed by marking the Aunthentifaction factors you desire to be applied for the policy.
4. The policy will be created and a window will appear on the right side of the screen. From this window, you can set particular policy settings based on authentic factors, groups, location, geolocation, timeframes, and devices.
General: You can view the initial policy settings such as the name and Authentication factors. You can make changes to the existing settings from this tab.
Groups: Determine either you want the policy applicable to all or certain groups. Set it on if the policy should be applied to certain groups otherwise the off option will make it applicable to all.
Location: Enter IP Addresses or ranges that define inbound and outbound of your company traffic. You can detect if the user is inside or outside of the set locations based on your settings.
Geolocation: From this tab, you can define the world region that explains where your users should come from. You can detect if the user is inside or outside of the set locations based on your settings.
Timeframe: You can restrict users to log in to their accounts within a set timeframe. Select a weekly timeframe for this policy based on specific days and hours.
Devices: You can whitelist devices from the policy by entering their serial numbers or operating systems.
Similarly, you can add as many policies as you want.
Note: You can have all you cooperate policies under one Adaptive policy or you can build multiple policies.
If you have several policies saved, you can prioritize them by moving them up/down in the list by the use of these small arrows. The policies are executed in order of priority.
Sample Adaptive Policies
The following are some of the sample policies built by customer. LogmeOnce provides comprehensive setting that can be changed based on your need and environment.
- All times - Default policy for all users
- Europe Policy - Special policy for users connecting from Europe
- Weekend Policy - Weekend policy for all users
- No 2FA - Policy for internal user which does not need 2FA
- Contractor - Policy for contractors and consultants working during specific period
- X509 Auth Forced - Forcing X509 certificate for authentication
- Special Security Group - Stronger security policy for administrators and privileged account access
- Disallowed Devices - List of disallowed devices