2FA Policy
Scope: SessionLimit 2.0
Last updated
The 2FA policy ensures that end users undergo secondary verification when logging in to their computers. It is activated as soon as the user logs in and asks the user for a 6-digit OTP code. OTP codes can be obtained by the following 2 methods:
SMS
Authenticator mobile app
Although the SMS feature can be selected here, it has 2 prerequisites.
In the LDAP settings, the attribute containing the users' mobile phone numbers must be selected.
SMS settings must be configured.
Take care when implementing 2FA policies. If the affected users do not have an authenticator set up at the time the policy is assigned, or if the policy is applied when they do not see that 2FA has been activated, the session will be automatically logged out at the end of the specified period. Activate the policy carefully to avoid situations such as data loss on affected computers.
This setting determines how often the end user must perform 2FA verification. It provides 5 different options.
Never: Never performs 2FA verification.
When logging on from a new machine: If the user logs in to a different computer than the last computer on which 2FA was performed, the user is asked for 2FA verification.
At Every Logon: The user is asked for 2FA verification at every login.
At the first logon: The user is asked for 2FA verification at their first session of that day. This option is independent of which computer the user logs in from.
Every X Day(s): This option only asks for 2FA verification once in the specified day range. 2FA verification must be performed in the 2 sessions to be opened after this period.
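To compare the frequency options on the same user activity, the following added example (not SessionLimit code) replays a constructed series of logons through a small model of the five options. Assumptions of this model: a prompt is always shown when no earlier verification is on record, "that day" means the calendar day, Every X Day(s) is read as a rolling window since the last verification, and the function and record names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Option names follow the page; Last2FA and both functions are hypothetical names for this model.
NEVER, NEW_MACHINE, EVERY_LOGON, FIRST_LOGON, EVERY_X_DAYS = (
    "Never", "When logging on from a new machine", "At Every Logon",
    "At the first logon", "Every X Day(s)")

@dataclass
class Last2FA:
    when: datetime    # time of the last successful 2FA verification
    machine: str      # computer on which it was performed

def needs_2fa(option, now, machine, last, x_days=1):
    """Return True if this logon should show the OTP prompt (last may be None)."""
    if option == NEVER:
        return False
    if option == EVERY_LOGON or last is None:
        return True   # assumption: no verification on record means prompt
    if option == NEW_MACHINE:
        return machine != last.machine
    if option == FIRST_LOGON:
        return now.date() != last.when.date()   # once per day, any computer
    if option == EVERY_X_DAYS:
        return now - last.when >= timedelta(days=x_days)
    raise ValueError(f"unknown frequency option: {option!r}")

def replay(option, logons, x_days=1):
    """Replay (time, machine) logons, assuming every prompt is answered correctly."""
    last, prompts = None, []
    for when, machine in logons:
        ask = needs_2fa(option, when, machine, last, x_days)
        prompts.append(ask)
        if ask:
            last = Last2FA(when, machine)
    return prompts

# Constructed sample: one user, two computers, three calendar days.
LOGONS = [
    (datetime(2024, 1, 1, 9, 0), "PC-A"),
    (datetime(2024, 1, 1, 13, 0), "PC-B"),
    (datetime(2024, 1, 2, 9, 0), "PC-B"),
    (datetime(2024, 1, 2, 10, 0), "PC-A"),
    (datetime(2024, 1, 3, 9, 30), "PC-A"),
]

if __name__ == "__main__":
    for opt in (NEVER, NEW_MACHINE, EVERY_LOGON, FIRST_LOGON, EVERY_X_DAYS):
        print(f"{opt:36}", replay(opt, LOGONS, x_days=2))
```

Each output row lists, per logon, whether the OTP prompt would appear, which makes it easy to see that the new-machine option leaves repeat logons on the same computer unchallenged.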
This is the number of times an incorrect code is allowed to be entered when the end user tries to log in to the computer with 2FA. By default, it is 3, the minimum value is 2 and the maximum value is 5.
Policy Assign: The policy is assigned to a user, security group or organizational unit. The assignment takes effect immediately: a 2FA screen is displayed in active sessions so that the user performs secondary verification. Only sessions on systems with the agent installed are affected; a session on a system that does not have the agent installed cannot be interfered with.
Update Policy: It is used to change 2FA policy settings.
Policy Assign Details: Displays the assignment information of the policy.
Delete Policy: It is used to delete the policy.
Choose the domain.
Select the criteria to be searched in the search user field.
Enter at least 1 character in the search field and press the search button.
Select the AD objects you want to protect with 2FA Policy from the list and press the Add button.
Once you finish adding to the list, save it with the Save button.
If you want to remove it after adding it to the list, you can delete a single object with the Delete button, or the entire list by clicking remove list.
The Update Policy screen is used to make changes to the existing policy.
Which type of 2FA method should be used?
In what type of sessions should it be used? etc.
The users, groups and OUs to which the policy is applied are displayed on the Policy Assign Details screen. Deleting entries and clearing the list can be carried out from this screen.
Delete Policy is used to delete the policy. Once the policy is deleted, 2FA transactions related to this assignment will not occur again.