Configure policy for an unenrolled and enrolled user

Learn how to set up or update your Unenrolled User or Enrolled User policies.

The Unenrolled User policy

It defines the way you onboard new users who don't have access to a registered device and attempt to access protected applications. By default, an unknown, unprovisioned user is blocked by the service. This policy lets you change that behavior and evaluate an unknown, unprovisioned user the same as an unenrolled user. The values that you can set as your Unenrolled User policy are the following:

Unknown User (if evaluation is enabled)

Unenrolled User

Enroll. Unknown users are provisioned and required to self-enroll in ‚ÄčAkamai MFA‚Äč before they can access an enterprise application.

Enroll. Requires users to self-enroll in ‚ÄčAkamai MFA‚Äč before they can access an enterprise application.

Allow. Lets unknown, unprovisioned users skip ‚ÄčAkamai MFA‚Äč authentication when they access an enterprise application. This is not recommended.

Allow. Lets unenrolled users skip ‚ÄčAkamai MFA‚Äč authentication when they access an enterprise application.

Deny. Prevents unknown, unprovisioned users from accessing the protected application.

Deny. Prevents unenrolled users from accessing the protected application.

To set up or update your Unenrolled User policy, follow these steps:

  1. In the Enterprise Center navigation menu, select Multi-factor Authentication > Policies.

  2. On the Policies page, navigate to the policy that you want to edit and click the policy's name to display its settings.
    The policy configuration page displays.

  3. In the sidebar menu, select Unenrolled User to enable the edition of the Unenrolled User policy.

  4. In Unenrolled User, select the policy that ‚ÄčAkamai MFA‚Äč must follow when an unenrolled user attempts to access a protected application.

    • Optionally, you can Evaluate an unknown, unprovisioned user the same as an Unenrolled user.

ūüďė

Enroll is the default and recommended unenrolled user policy.

  1. Click Save & Deploy.

    This overwrites and saves your newly added Unenrolled User policy configuration.

The Enrolled User policy

It defines the policy that you want to apply to users who exist in the ‚ÄčAkamai MFA‚Äč service and have at least one authentication device assigned to their account.
The values that you can set as your Enrolled User policy are the following:

  • Enforce. Enforces enrolled users to prove their identity using one of the allowed ‚ÄčAkamai MFA‚Äč second factors.

  • Bypass. Lets enrolled users skip the secondary authentication.

  • Block. Prevents enrolled users from accessing the protected application.

To set up or update your Enrolled User policy, follow these steps:

  1. In the Enterprise Center navigation menu, select Multi-factor Authentication > Policies.

  2. On the Policies page, navigate to the policy that you want to edit and click the policy's name to display its settings.
    The policy configuration page displays.

  3. In the sidebar menu, select Enrolled User to enable the edition of the Enrolled User policy.

  4. In Enrolled User, select the policy that ‚ÄčAkamai MFA‚Äč must follow when a user that already exists in the service attempts to access a protected application.

ūüďė

Enforce is the default and recommended existing user policy

  1. Click Save & Deploy.

    This overwrites and saves your newly added Enrolled User policy configuration.


Did this page help you?