RapidIdentity Product Guides - 2019 Rolling Release

Options

Options allow administrators to determine whether users can select the authentication method(s) used to authenticate to RapidIdentity, and to delete four different configurations bound to a user's digital identity.

  1. TOTP Keys

  2. Social IDs

  3. Pictograph Choices

  4. FIDO device registrations

Clicking the button opens a window to search users by first name, last name, or email address.

Authentication Policy Choices

The Enable Authentication Policy Choices checkbox enables administrators to allow users to select what authentication method(s) to use to authenticate to RapidIdentity. When this box is checked, RapidFederation "collects" all matching policies associated with the user. Users matching more than one policy are presented with a drop-down box to select an authentication method after entering their username.

For users to select an authentication method (e.g. PingMe or Password with Challenge Questions), at least two authentication policies must exist and the user attempting to authenticate must match both policies. If a user only matches one policy, authentication proceeds in accordance with how that policy is configured.

Use Case

If a user upgrades or misplaces a required mobile device or a required QR Code, they are unable to authenticate to RapidIdentity until that device or code is reconfigured, found, or replaced, or until an administrator can temporarily adjust the authentication policy. The elapsed time affects productivity for the user, associated team members, and anyone else involved in remedying the situation.

The advantage of giving users a choice during the authentication process is that users are not dependent on a device or token, and it saves time when a user cannot authenticate with a policy-dependent device or token. If the policies are configured to include multi-factor authentication, users can still authenticate to RapidIdentity securely through all policies.

For example, an organization may have these three ordered policies.

  1. PingMe

  2. QR & Challenge

  3. Password & Challenge (default)

PingMe requires a mobile device with the RapidIdentity Mobile application installed. The QR Code must be printed and on hand to present to the QR Code reader. If either the mobile device or QR Code is absent, the user cannot authenticate to RapidIdentity. With the Enable Authentication Policy Choices checkbox selected, a user matching either of the first two policies could then select option 3 to authenticate successfully.
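The policy collection and drop-down behaviour described above, modelled as an added example that is not RapidIdentity code. Group membership as the match criterion, the empty-group catch-all for the default policy, first-match selection when choices are disabled, and all user and group names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    groups: frozenset = frozenset()  # assumed criterion; empty = matches every user

# Constructed policy list, in the order given in the use case above.
POLICIES = [
    Policy("PingMe", frozenset({"mobile-enrolled"})),
    Policy("QR & Challenge", frozenset({"qr-issued"})),
    Policy("Password & Challenge"),  # default
]

def matching_policies(policies, user_groups):
    """Collect every policy the user matches, keeping the configured order."""
    return [p for p in policies if not p.groups or p.groups & user_groups]

def resolve_login(policies, user_groups, choices_enabled):
    """Return (show_dropdown, policy_names) once the username is entered."""
    matches = matching_policies(policies, user_groups)
    if not matches:
        raise LookupError("user matches no authentication policy")
    if choices_enabled and len(matches) > 1:
        return True, [p.name for p in matches]
    # One match, or choices disabled: assumed to use the first match in order.
    return False, [matches[0].name]

def users_without_choice(policies, directory):
    """Users who match fewer than two policies and so never see the drop-down."""
    return sorted(u for u, g in directory.items()
                  if len(matching_policies(policies, g)) < 2)

# Constructed directory: username -> group memberships.
DIRECTORY = {
    "avery": frozenset({"mobile-enrolled", "qr-issued"}),
    "blake": frozenset({"mobile-enrolled"}),
    "casey": frozenset(),
}

if __name__ == "__main__":
    for user, groups in DIRECTORY.items():
        print(user, resolve_login(POLICIES, groups, choices_enabled=True))
    print("no drop-down:", users_without_choice(POLICIES, DIRECTORY))
```

Running `users_without_choice` against an export of real policy matches shows which accounts gain nothing from the checkbox because they match only one policy.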