Configure the Default Authentication policies for your tenant

By default, Aurora Endpoint Security has three tenant authentication policies that are used to manage the types of authentication that administrators must complete to sign in to the Endpoint Defense console and users must complete to activate the Aurora Protect Mobile app or Gateway agent. The tenant policies are applied when no app exception or authentication policy is assigned to the user for the console or the app that they are trying to access. The default policies and their authenticators are:
  • Administration Console: This policy uses the Endpoint Defense console password as the default authenticator. For tenants created after March 2024, this policy uses the Endpoint Defense console password and One-Time Password as the default authenticators. It is used for authentication to the Aurora Endpoint Security management console.
  • Gateway: This policy uses the user’s enterprise password as the default authenticator. It is used when users activate the Gateway app or desktop agent.
  • Aurora Protect Mobile app: This policy uses the user’s enterprise password as the default authenticator. It is used when users activate the Aurora Protect app on mobile devices. It is not applied when the user activates the desktop agent.

You can edit the policies to add other types of authentication that users must complete in the order that you specify in the policy. For example, if you add One-Time Password after the Enterprise authenticator, users enter their work or myAccount credentials before they receive a one-time password prompt.

Add an authenticator.
  1. On the menu bar, click Settings > Authentication > Default Authentication.
  2. Click the policy that you want to edit.
  3. In the App Authentication section, click Add Authenticator.
  4. In the Add authenticator dialog, select an authenticator from the list, and then click Add.
    Repeat this step to add more authenticators to the policy. Users must complete the types of authentication in the order that you specify. To change the order, click Set Order, drag the authenticators to the order that you want and click Set Order again.
    Note: If you add One-Time Password as an authenticator, it must be set after the enterprise password.
  5. Click Save.
If you added authenticators to a default policy, you can click Revert to Default Method on the policy list page to restore the default setting.