Creating an authentication policy

Use the Authentication Policy Editor on the appliance local management interface to create and configure an authentication policy.

About this task

Each policy consists of one or more authentication mechanisms. The mechanisms are modules that authenticate the user with a specific challenge or authentication technology, such as user name and password and one-time password. In the policy, the authentication mechanisms are grouped into a workflow. The workflow specifies the mechanism to use and the order in which each mechanism runs. The policy identifier (PolicyID) supplied as a parameter is used to initiate the authentication policy and can be supplied either with or without the standard prefix.

The Authentication Policy Editor has several sections.

Name, Identifier, and Description
Specify a name and unique identifier for the policy, and optionally include a description of the policy. Prefix the unique identifier with the following text: urn:ibm:security:authentication:asf:*. Replace the * with the identifier you want to use for the policy. For example, urn:ibm:security:authentication:asf:banking
Workflow Steps
Add one or more authentication mechanisms to use and the order in which they are to be used.

Procedure

  1. Click Add.
    The Authentication Policy Editor opens.
  2. Complete the Name and Identifier fields.
  3. Optional: Provide a description in the Description field.
  4. Click Add Add Step to add an authentication mechanism as a step in the policy workflow.
  5. Select an authentication mechanism.
    See Authentication for descriptions of the mechanisms.
  6. Click List view to review and select parameters that are supported by the mechanism.
    Not all authentication mechanisms support parameters. However, some configuration settings for authentication mechanisms can be customized with parameters on a per policy basis. If an authentication mechanism supports parameters, use the parameters settings to assign values to the parameters. See Authentication policy parameters and credentials.
  7. Click OK.
  8. Continue with one of the following steps:
    • Add another authentication mechanism to the workflow. Repeat the preceding steps.
    • After you add all authentication mechanisms, click Modify attribute if you want to customize the information that is included in the user credential. See Authentication policy parameters and credentials.
  9. Click OK.

What to do next

Use this authentication policy as the Permit with authentication action in an access control policy. See Creating an access control policy.