The Authentication Methods Policy allows organizations to define which authentication methods users can use to access their applications. This policy enhances security by ensuring that critical user groups, such as privileged accounts and administrators, use stronger authentication methods like WebAuthn/U2F Security Key, while regular users can utilize convenient methods like Mobile Push. When used at the application level, the Authentication Methods Policy defines which authentication methods can be used to access a specific application, effectively allowing administrators to preclude users from using less secure authentication methods to access high-risk resources.

Default Authentication Method
The Default Authentication Method allows administrators to pick an authentication method that will be automatically chosen after users enter their correct login and password. For example, users may immediately see a window asking them to enter a Passcode (TOTP) generated by their authenticator app, such as Rublon Authenticator or Google Authenticator. Or users may immediately receive an automatic Mobile Push authentication request on their phone with the Rublon Authenticator.
The Default Authentication Method policy simplifies user experience, increases control for administrators, provides flexibility, improves security, and enhances efficiency during login.

Use Case 1: Require Admins to Use Hardware Keys, While Regular Users Can Use a Mobile App
Scenario
Enforce stricter authentication methods (such as hardware keys) for administrators to enhance security while allowing regular users to log in more conveniently using a mobile app.
Challenge
Balancing the stricter security requirements for administrators against a user-friendly experience for regular users, which means enforcing different authentication methods for the two groups.
Solution
Implement an Authentication Methods Policy that requires administrators to use hardware keys and regular users to use a mobile app for authentication.
Benefits
- Enhanced Security: Administrators are protected with the highest level of security in the form of phishing-resistant FIDO security keys.
- User Convenience: Regular users have a streamlined login experience using their mobile apps, such as Rublon Authenticator, Google Authenticator, or Microsoft Authenticator.
- Customizable Policies: Tailored authentication methods for different user groups enhance overall organizational security.
- High Flexibility of the Setup: Administrators can readily and effortlessly adjust the available methods for both groups, as well as enforce the policy on other groups.
Step-by-Step Configuration Guide
Refer to Group Policies – Require IT Admins to use hardware keys for detailed instructions on how to configure the policy in the described scenario.
Use Case 2: Disable the SMS Passcode Authentication Method for External Users
Scenario
Enhance security for external users by disabling the SMS Passcode authentication method, ensuring they use more secure methods.
Challenge
Transitioning external users from the less secure SMS Passcode method to more secure authentication methods without disrupting their access.
Solution
Implement a policy that disables the SMS Passcode authentication method for external users and allows them to use alternative methods like mobile apps or hardware keys.
Benefits
- Increased Security: Eliminates the use of the less secure SMS passcode method for external users.
- Encourages Secure Practices: Promotes the adoption of more secure authentication methods among external users.
- Compliance: Ensures that authentication methods meet security standards and regulations.
Step-by-Step Configuration Guide
Refer to Group Policies – Disable the SMS Passcode authentication method for external users for detailed instructions on how to configure the policy in the described scenario.
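The following is an added example that models the policy logic described in both use cases above and in the Default Authentication Method section; it is not Rublon's code. It assumes per-group allowed methods, an organization-wide default policy, and an application-level policy that can only remove methods; the precedence rules (intersection across a user's groups, application policy applied last) are assumptions, not documented product behaviour.

```python
# Hypothetical model of an Authentication Methods Policy (constructed, not Rublon's code).
# Strength ranking used only to pick a fallback default; the ordering is an assumption.
METHOD_STRENGTH = {"webauthn": 4, "mobile_push": 3, "totp": 2, "sms": 1}


class GroupPolicy:
    def __init__(self, allowed, default=None):
        self.allowed = frozenset(allowed)  # methods members of the group may use
        self.default = default             # method prompted right after the password


def resolve_methods(user_groups, group_policies, org_default, app_allowed=None):
    """Return (allowed methods, default method) for one user and one application.

    Assumed precedence: a member of several groups gets only the methods every
    matching group policy allows; a user matching no group gets the organization
    default; an application-level policy then intersects with that result, so it
    can only remove methods (e.g. preclude SMS on a high-risk application).
    """
    matching = [group_policies[g] for g in user_groups if g in group_policies]
    if matching:
        allowed = frozenset.intersection(*(p.allowed for p in matching))
    else:
        allowed = org_default.allowed
    if app_allowed is not None:
        allowed &= frozenset(app_allowed)
    # Default method: the configured group default if still permitted, otherwise the
    # strongest remaining method, so a restriction never silently downgrades the prompt.
    preferred = [p.default for p in matching if p.default] or [org_default.default]
    default = next((d for d in preferred if d in allowed), None)
    if default is None and allowed:
        default = max(allowed, key=METHOD_STRENGTH.__getitem__)
    return allowed, default


def lint_policies(group_policies, app_allowed):
    """Names of groups an application policy would lock out entirely (empty intersection)."""
    app = frozenset(app_allowed)
    return sorted(g for g, p in group_policies.items() if not (p.allowed & app))


# Constructed policies for the two use cases on this page.
GROUP_POLICIES = {
    "it_admins": GroupPolicy({"webauthn"}, default="webauthn"),
    "external_users": GroupPolicy({"mobile_push", "totp", "webauthn"}, default="mobile_push"),
}
ORG_DEFAULT = GroupPolicy({"mobile_push", "totp", "sms", "webauthn"}, default="mobile_push")
HIGH_RISK_APP = {"webauthn", "mobile_push", "totp"}  # application-level policy: no SMS

if __name__ == "__main__":
    for groups in (["it_admins"], ["external_users"], []):
        print(groups, resolve_methods(groups, GROUP_POLICIES, ORG_DEFAULT, HIGH_RISK_APP))
    print("locked out by an SMS-only app:", lint_policies(GROUP_POLICIES, {"sms"}))
```

Running `lint_policies` before saving an application-level policy catches the misconfiguration where a group is left with no permitted method at all.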