Create an authentication policy Skip Navigation

Create an authentication policy

You create an authentication policy to specify the types of authentication that administrators must complete to sign in to the
Cylance Endpoint Security
management console and users must complete to activate
Cylance Endpoint Security
apps or agents (for example,
CylancePROTECT Mobile
or
CylanceGATEWAY
) . Users must complete the types of authentication in the order that you specify in the policy.  For example, if you add Enterprise before One-Time Password, users enter their work or
my
Account
credentials before they receive a one-time password prompt.
In a policy you can also configure app exceptions and specify different authenticators for specific apps. App exceptions take precedence over the authentication policy. Any authentication policies that are configured in your tenant are applied in the following order:
  1. App exceptions in authentication policies that are assigned to users or groups
  2. Authentication policies that are assigned to users or groups
  3. Tenant authentication policy
  1. On the menu bar, click
    Policies > User Policy
    .
  2. Click the
    Authentication
    tab.
  3. Click
    Add policy
    .
  4. Enter a name and description for the policy.
  5. In the
    Authentication rules
    section, click
    Add Authenticator
    .
    If your authenticator was created before December 2023, and you updated
    Cylance Endpoint Security
    login request URL to enable the IDP-initiated Proxy to allow users to use single sign-on (SSO) to access the Cylance console after logging in to their users’ IDP portal, add the updated authenticator and remove the original authenticate that was created. For more information, see Enhanced authentication sign in.
  6. In the
    Add authenticator
    dialog box, select an authenticator in the drop-down list.
    Repeat this step to add more authenticators to the policy. Users receive prompts from each authenticator in the order that they are listed in the policy. If you add
    Duo
    MFA to the policy, you should also add another authenticator so that
    Duo
    is used as a second factor for authentication. To change the order, click
    Set Order
    , drag the authenticators to the order that you want, and click
    Set Order
    again.
  7. If you want to add app exceptions, click
    Manage App Exceptions
    .
  8. In the
    Manage App Exceptions
    dialog box, select the apps that you want to include in the
    Available apps
    pane.
  9. Click The right arrow icon.
  10. Click
    Save
    .
  11. In the
    Manage app exceptions
    section, click the tab for one of the apps that you added as an exception.
  12. Click
    Add Authenticator
    .
  13. In the
    Add authenticator
    dialog box, select an authenticator from the drop-down list. Click
    Save
    .
    Repeat this step to add more authenticators to the app exception. Users must complete the types of authentication in the order that you specify. To change the order, click
    Set Order
    , drag the authenticators to the order that you want and click
    Set Order
    again.
  14. To save the policy, click
    Save
    .