Configure custom policies

Custom policies let you set resource-specific rules that you can apply to one or multiple resources. Those rules take precedence over the global policy in aspects that differ from the global settings.

The easiest way to configure a custom rule is to clone an existing policy. Cloning an existing policy lets you save all the requirements resulting from the cloned policy that you want to preserve, and override settings that you want to modify.

Next, you can assign the policy to the specific resources that you want to protect with this policy.

Follow this instruction to learn how to clone the global policy, apply exceptions, and assign the new custom policy to the selected groups and integrations.

How to

  1. In the Enterprise Center navigation menu, select Multi-factor Authentication > Policies.

  2. Navigate to the global policy and click Clone policy.

    The cloned global policy configuration page displays.

  3. Go to the summary panel on the right side of the screen, and add the policy description.

    Description is an optional field that lets you enter auxiliary information, such as the reference to the resources that are going to be impacted by this policy. For example, to point out that this policy applies to members of the help desk group, enter Help desk policy.

  4. Configure policy for a new and existing user.

  5. Configure your device posture policy.

  6. Define your allowed authentication methods.

  7. Configure your lockout policy.

  8. Navigate to the policy summary panel that lets you associate this policy with a specific resource.

  9. To enforce this policy on a particular group by assigning it to this group, follow these steps:

    1. Go to Groups and click the Associate (clip) icon.
      The list of configured group accounts displays.
    2. Search and select groups whose members must comply with the restrictions of this custom policy when they access enterprise applications.
    3. Click Associate.
      You've just associated the selected groups with this custom policy.
  10. To assign your custom policy to the selected integrations, follow these steps:

    1. Go to Integrations and click the Associate (clip) icon.
      The list of configured integrations displays.
    2. Search and select integrations that you want to protect with this custom policy.
    3. Click Associate.
      You've just associated the selected integrations with this custom policy
  11. Click Save and Deploy.
    You've just configured a new custom policy and assigned it to the selected groups and integrations. Users belonging to the assigned groups will have to comply with these policy settings when they attempt to access the assigned integrations.


Did this page help you?