Manage group policies

Group policies allow you to override global settings for particular groups of users. When you create a group policy and change a setting, the change applies to the group assigned to the policy. For example, suppose you have a group of users, such as customers of a bank, who authenticate to your banking system using OTP. For enhanced security, you want the OTP for these users to be longer than the length set in the Global settings, but your other users do not need the enhanced security. With a group policy, you can override the OTP length for the users requiring enhanced security and keep the OTP length set in the Global settings for users who do not belong to the group.

If two policies match for the same setting, IDaaS uses the one with the highest priority. For example, if you have an OTP group policy for Group A that is listed as number 1 in the Group Policy list and another OTP group policy for Groups A and B that is listed as number 2 in the Group Policy list, then the group policy ranked number 1 takes priority for Group A over the group policy for Groups A and B. You can reorder the priority by dragging the policy on the Group Policies page to a new priority order.
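The priority rule above can be modeled offline to check which value each user actually receives before you reorder policies. This is an added example, not Entrust code or an IDaaS API: the class, function names, setting names, and sample values are hypothetical. It assumes that a setting overridden only by a lower-priority policy still applies and that policies not marked Enabled are skipped.

```python
from dataclasses import dataclass

@dataclass
class GroupPolicy:
    name: str
    groups: frozenset      # groups the policy is assigned to
    overrides: dict        # setting name -> overriding value
    enabled: bool = True   # the "Enabled" checkbox on the policy

def effective_settings(user_groups, global_settings, policies):
    """Resolve every setting for one user.

    `policies` is in Group Policies page order (index 0 = priority 1).
    Returns {setting: (value, name of the policy that supplied it)}.
    """
    result = {k: (v, "Global") for k, v in global_settings.items()}
    decided = set()
    for policy in policies:                        # highest priority first
        if not policy.enabled or not policy.groups & set(user_groups):
            continue
        for setting, value in policy.overrides.items():
            if setting not in decided:             # first match wins
                result[setting] = (value, policy.name)
                decided.add(setting)
    return result

def below_minimum(users, global_settings, policies, setting, minimum):
    """Names of users whose effective `setting` is weaker than `minimum`."""
    return sorted(
        name for name, groups in users.items()
        if effective_settings(groups, global_settings, policies)[setting][0] < minimum
    )

# Constructed sample data; setting names and values are hypothetical.
GLOBAL = {"otp_length": 6, "otp_lifetime_s": 300}
POLICIES = [
    GroupPolicy("OTP policy 1", frozenset({"Group A"}), {"otp_length": 8}),
    GroupPolicy("OTP policy 2", frozenset({"Group A", "Group B"}),
                {"otp_length": 10, "otp_lifetime_s": 120}),
]
USERS = {"alice": ["Group A"], "bob": ["Group B"], "carol": []}

if __name__ == "__main__":
    for name, groups in USERS.items():
        print(name, effective_settings(groups, GLOBAL, POLICIES))
    print("otp_length < 10:", below_minimum(USERS, GLOBAL, POLICIES, "otp_length", 10))
```

In the sample data, the number 1 policy gives Group A a shorter OTP than the number 2 policy would, so the ordering itself can leave a group with the weaker of two overrides.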

Note: Before you begin, you must create the required groups. See Create and manage groups, Import groups, and Import users and groups.

Using group policies, you can override the global settings for the following:

       General authenticator settings

       Authenticators

       User Portal available authenticators

       Authenticator Provisioning

       Registration

       Verification

       Risk-based authentication

Add group policies

1.      Click > Policies > Group Policies. The Group Policies page appears.

2.      Click . The Add Group Policy page appears.

Tip: Click  to view the overrides to the global policies.

3.      Select Enabled to apply the group policy to the selected groups.

4.      Enter a Name for the group.

5.      Select the Group from the drop-down list.

Note: You can select AD Groups. However, the policy will be disabled if the AD Group is the only group associated with the policy, the group is removed from AD, and AD sync later removes it from IDaaS.

6.      To add more groups, repeat step 6. If you want to remove a group from the group policy, click next to the group.

7.      To add overrides to the group policy, in the Settings Category, click Add.

8.      From the Settings drop-down list, select the Setting or Authenticator you want to override for the group. The global settings for your selection appear.

9.      Change the required global settings for the group policy. For help, see the following help links for each option:

Settings

General

Authenticator Provisioning

Entrust Legacy Token

General

Entrust Soft Token

Registration

Passkey/FIDO2

Risk-based authentication

Google Authenticator

User portal

Grid Card

Verification (available only with the Consumer and Premium bundles)

Hardware Token

User Notifications

Knowledge-based Authenticator

Administrator role

Tenant (available only to Service Providers)

Temporary Access Code

10.  Click Save.

11.  To add another Settings Category:

a.      Click Add again.

b.      Select the Settings from the drop-down list.

c.      Make the required changes.

d.      Click Save.

12.  When you have finished adding your overrides to the group policy, click > Policies > Group Policies to return to the Group Policies page. The group policies appear on this page. As required:

       Toggle to enable or disable a group policy.

       Click to drag and drop to reorder the group policy priority order.

       Click next to the group policy to delete it.