If your organisation has specific security requirements, or wants to use advanced functionality such as Federation Services, you will need to create a custom security policy and assign it to your verified domain.
This way, users who log in with that domain in their email address inherit that security policy.
To set up a security policy, follow the steps below:
1. Click your avatar, then select My Account.
2. Click Security policies, then click Add security policy.
Note: The security policy cannot be used and won’t have any effect until it’s assigned to a verified domain.
3. Give the security policy a name then provide a list of owners' email addresses.
Note: By adding more owners, you allow other members of the organisation to own and control this security policy. Once another user becomes an owner of the security policy, they will be able to see, edit and even delete it when they navigate to their own account management area.
4. Configure the relevant security policy settings:
Access Identity Session Length
Application Session Length
Access Token Length
Password Expiry Interval
Failed Sign In Attempts Before Lockout
Lockout Duration
Stay Signed in option allowed
Require Captcha
Impersonation Allowed
Force Two Factor Authentication Required
Tip: To get more details on the fields, click the tooltips next to each item.
One additional option on the security policy is the ability to configure it to work with Federation Services such as ADFS. Much of this setup relies on your organisation's third-party OpenID Connect provider and will therefore require assistance from your IT department, as The Access Group will not be able to advise on aspects of this setup that do not sit directly within Access Identity. To configure the security policy to use Federation Services, follow the steps below:
1. Change the Identity Provider from Local to OpenID Connect.
2. Enter an Identity provider name, authority URL and your client ID.
Tip: When using these options, refer to the specific instructions relating to the other system’s OpenID Connect configuration for allowing it to work with Access Identity.
3. Test your changes.
4. Click Save changes.
Note: Once this is enabled, the sign-in process changes for affected users: they authenticate against the third-party identity provider rather than against their password set in Identity.
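Before entering the authority URL, your IT department can sanity-check the provider's OpenID Connect discovery document. The script below is an added example, not Access Identity code: it assumes the provider publishes standard OpenID Connect Discovery metadata, and the authority URL and document shown are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

# Fields OpenID Connect Discovery 1.0 marks REQUIRED (token_endpoint is
# omitted here because it is optional for implicit-flow-only providers).
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

# Constructed sample: placeholder authority URL and discovery document.
AUTHORITY = "https://sso.example.org/adfs"
SAMPLE = json.loads("""{
  "issuer": "https://sso.example.org/adfs",
  "authorization_endpoint": "https://sso.example.org/adfs/oauth2/authorize/",
  "token_endpoint": "https://sso.example.org/adfs/oauth2/token/",
  "jwks_uri": "https://sso.example.org/adfs/discovery/keys",
  "response_types_supported": ["code", "id_token"],
  "subject_types_supported": ["pairwise"],
  "id_token_signing_alg_values_supported": ["RS256"]
}""")

def discovery_url(authority):
    """Where the provider's metadata lives for a given authority URL."""
    return authority.rstrip("/") + "/.well-known/openid-configuration"

def check_authority(authority, metadata):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    url = urlsplit(authority)
    if url.scheme != "https" or not url.hostname:
        problems.append("authority URL must be an absolute https URL")
    if url.query or url.fragment:
        problems.append("authority URL must not carry a query or fragment")
    problems += [f"missing required field: {f}" for f in REQUIRED
                 if f not in metadata]
    # Discovery requires the issuer to be identical to the URL it was found under.
    if metadata.get("issuer") != authority:
        problems.append(f"issuer mismatch: document says {metadata.get('issuer')!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in metadata and urlsplit(metadata[key]).scheme != "https":
            problems.append(f"{key} is not https")
    if "none" in metadata.get("id_token_signing_alg_values_supported", []):
        problems.append("provider advertises unsigned ID tokens (alg 'none')")
    return problems

if __name__ == "__main__":
    print(discovery_url(AUTHORITY))
    print(check_authority(AUTHORITY, SAMPLE) or "no problems found")
```

To use it against a real provider, save the JSON served at the printed discovery URL and pass the parsed document to check_authority together with the authority URL you intend to enter.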
After you save the custom security policy, or if you have been added as an owner of a security policy, the security policy is listed along with the domains it has been associated with and whether it is currently active.
Once a security policy has been assigned to a verified domain and set to enabled, its settings are applied to the accounts of all users signing in with that domain in their email address.