Authentication policies

Following authentication policies are provided:

• A single-factor authentication policy requires a single piece of evidence to verify a user's identity, such as a password;
• A multi-factor policy could require evidence to verify a user's identity, such as:
  • TOTP (Time-Based One-Time Password) authenticator app
  • Push notification sent to the user's mobile device
  • one-time passcode sent over SMS, voice, or email, etc.

It can be determined whether users who do not have any enrolled MFA devices are permitted to bypass the MFA flow or are blocked from sign-on.

It is possible to set a condition for each authentication policy that determines whether to apply the policy. For example, the single-factor policy can include a condition that requires users to sign on if the most recent sign-on occurred more than eight hours ago. If no conditions are specified, users will be required to sign on every time they access the application.