Add a User Policy for authentication

You create an authentication policy to specify the types of authentication that administrators must complete to sign in to the Aurora Endpoint Security management console and that users must complete to activate the Aurora Protect Mobile app or Gateway agent. Users must complete the types of authentication in the order that you specify in the policy. For example, if you add Enterprise before One-Time Password, users enter their work or myAccount credentials before they receive a one-time password prompt.

In a policy you can also configure app exceptions and specify different authenticators for specific apps. App exceptions take precedence over the authentication policy. Any authentication policies that are configured in your tenant are applied in this order:

  1. App exceptions in authentication policies that are assigned to users or groups.
  2. Authentication policies that are assigned to users or groups.
  3. Tenant authentication policy.

  1. On the menu bar, click Policies > User Policy.
  2. Click the Authentication tab.
  3. Click Add policy.
  4. Enter a name and description for the policy.
  5. In the Authentication rules section, click Add Authenticator.
    If your authenticator was created before December 2023 and you updated the Aurora Endpoint Security login request URL to enable the IDP-initiated Proxy, which allows users to use single sign-on (SSO) to access the Cylance console after logging in to their IDP portal, add the updated authenticator and remove the original authenticator that was created. For more information, see Configure authentication for sign-in.
  6. In the Add authenticator dialog box, select an authenticator in the list.
    Repeat this step to add more authenticators to the policy. Users receive prompts from each authenticator in the order that they are listed in the policy. If you add Duo Universal MFA to the policy, you should also add another authenticator so that Duo is used as a second factor for authentication. To change the order, click Set Order, drag the authenticators to the order that you want, and click Set Order again.
  7. If you want to add app exceptions, click Manage App Exceptions.
  8. In the Manage App Exceptions dialog box, select the apps that you want to include in the Available apps pane.
  9. Click the right arrow icon.
  10. Click Save.
  11. In the Manage app exceptions section, click the tab for one of the apps that you added as an exception.
  12. Click Add Authenticator.
  13. In the Add authenticator dialog box, select an authenticator from the list. Click Save.
    Repeat this step to add more authenticators to the app exception. Users must complete the types of authentication in the order that you specify. To change the order, click Set Order, drag the authenticators to the order that you want, and click Set Order again.
  14. To save the policy, click Save.

Assign policies to administrators, users, and groups.
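
The precedence order listed above and the Duo Universal MFA note in step 6 can be checked on paper before you save a policy. The following is an added example, not code from the product: it models a policy as a plain dictionary (the layout, function names and sample policies are assumptions) and reports which authenticator chain applies to each app and whether that chain needs a second look.

```python
# Added illustration: a model of the precedence rules on this page.
# The dictionary layout and function names are assumptions, not the
# product's data format or API.
DUO = "Duo Universal MFA"

def effective_chain(app, assigned_policy, tenant_policy):
    """Return (source, ordered authenticators) that apply to `app`."""
    if assigned_policy:
        exceptions = assigned_policy.get("app_exceptions", {})
        if app in exceptions:                      # 1. app exception wins
            return "app exception", list(exceptions[app])
        return "assigned policy", list(assigned_policy["authenticators"])  # 2.
    return "tenant policy", list(tenant_policy["authenticators"])          # 3.

def review(apps, assigned_policy, tenant_policy):
    """Map each app to (source, chain, findings) for a pre-save review."""
    report = {}
    for app in apps:
        source, chain = effective_chain(app, assigned_policy, tenant_policy)
        findings = []
        if not chain:
            findings.append("no authenticators configured")
        if chain == [DUO]:
            findings.append("Duo is the only authenticator, not a second factor")
        # Review heuristic (an assumption, not a product rule): an exception
        # with fewer steps than the policy it overrides weakens that app.
        if source == "app exception" and \
                len(chain) < len(assigned_policy["authenticators"]):
            findings.append("exception has fewer authenticators than the policy")
        report[app] = (source, chain, findings)
    return report

# Constructed sample policies; authenticator names are the ones named above.
TENANT = {"authenticators": ["Enterprise"]}
ASSIGNED = {
    "authenticators": ["Enterprise", "One-Time Password"],
    "app_exceptions": {"Gateway agent": [DUO]},
}

if __name__ == "__main__":
    apps = ["Aurora Protect Mobile app", "Gateway agent"]
    for app, (source, chain, findings) in review(apps, ASSIGNED, TENANT).items():
        print(f"{app}: {' -> '.join(chain)} (from {source})")
        for finding in findings:
            print(f"  review: {finding}")
```

With the sample data, the Gateway agent exception replaces the two-step policy with Duo alone, so both findings are reported for that app.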