Adaptive Access User Actions
You can configure different user actions in your adaptive policy. The following table describes the actions that you can configure in an adaptive policy and how they affect user access. You can configure different actions also by editing an existing policy.
| User action | Description | User impact |
|---|---|---|
| Block (Override) |
Block override is used to override all other decisions that were made during the adaptive assessment. Block override can be used to force an override of the adaptive assessment itself. A block override action might be implemented when a particular employee is suspended from work duties and must not have access to a specific application. |
The user is always be blocked. This action means that the affected user is not able to access the application until the block override condition has is removed from the policy. |
| MFA (Override) |
MFA override is used to override all other decisions, except for Block override, that was made during the adaptive assessment. The MFA override can also be used to override the adaptive assessment itself. An MFA override action might be implemented when a group of users are known to be frequent travelers. By implementing the MFA override condition, the users are always be asked to MFA when they access the particular application. |
Users are always requested to provide an MFA of some kind to confirm their identity. This action provides a second level of protection for sensitive applications by forcing users to identify themselves before they can access it. |
| Allow (Override) | Allow override is used to override all other decisions, except block and MFA override, that
were made as part of the adaptive assessment. The Allow override action might be implemented when a specific user must access a particular application regardless of what other assessments were made. By implementing the Allow override, the user is always granted access to the requested application |
Users are always granted access to the requested application. The implementation of this action needs to be clearly understood as the users are always provided access independent of the other assessment results. Use caution when you implement this action. |
| Block and redirect | The Block and redirect action blocks the user from accessing the requested application and redirects them to the URL or URI specified in Redirect URI. | The user cannot access the application and is redirect to the specified URL or URI. |
| Block | The Block action prevents a user from accessing the requested application. | The user cannot access the application. |
| MFA Always | MFA Always requires that the user provide MFA every time they attempt to authenticate to the application. | The user must complete an MFA challenge each time they authenticate to an application. |
| MFA per session | MFA per session requires MFA only the first time the user authenticates to the application. Additional requests during the lifetime of the user’s session do not require an additional MFA. | The user is required to complete an MFA challenge the first time that they authenticate to an application. All subsequent requests to the application within the session do not require an additional MFA challenge. |
| Allow | Allow grants a user access to the application. | The user is able to access the application. |