Apply step-up authentication policy
Step-up authentication is implemented through a POP policy placed on the objects requiring authentication-sensitive authorization. You can use the IP endpoint authentication method attribute of a POP policy.
The configured authentication levels can be linked to IP address ranges. This method is intended to provide management flexibility. If filtering users by IP address is not important, you can set a single entry for anyothernw (any other network). This setting affects all accessing users, regardless of IP address, and requires the users to authenticate at the specified level. This method is the most common method for implementing step-up authentication.
The anyothernw entry is used as a network range that matches any network not otherwise specified in the POP. Use this method to create a default entry that can either deny all unmatched IP addresses or allow anyone access who meets the authentication level requirement.
Any
Other Network in the output of the pop
show command. The following output shows a sample
for the poptest1 POP: pdadmin sec_master> pop show poptest1
Protected object policy: poptest1
Description: Test POP
Warning: no
Audit level: none
Quality of protection: none
Time of day access: sun, mon, tue, wed, thu, fri, sat:
anytime:local
IP Endpoint Authentication Method Policy
Any Other Network 0See the IBM Verify Identity Access for Web: Command Reference.