Enabling Multi-factor Authentication as the User Login Rule
This section describes the procedure to enable multi-factor authentication for users.
[ Note ]
Users that log in using SmartKey authentication must set up the SmartKey app before the first login. Refer to "SmartKey Authentication" for more information.
To use device certificate authentication, device certificate authentication must be configured and devices must be registered by the user before performing the procedure described here. Refer to the configuration sequence examples in "Device Certificate Authentication When Using the IIJ ID Service CA" or "Device Certificate Authentication When Using External CAs" for more information.
Email is sent to the notification email address for a user when the user log into IIJ ID Console with email one-time password authentication. Refer to "Logging in Using Email One-time Password Authentication" in "IIJ ID Service Manual [For Users]" for more information.
- The Premium Federation Option is required to use this service together with upstream ID provider authentication.
- Click "System" and then "Security Settings."
- Click "Login Policy."
- Click "Add New Login Policy."
Enter the login policy information and then click "Register."
Option Description Policy name Specify the name of the policy. Login rule Specify the login rules in this policy that apply to trusted networks and to non-trusted networks.
Refer to "Login Conditions for Login Policies" for more information.
Assigned groups Specify the groups to which the policy is assigned. - Click the arrow button to change the priority of the login policy.
* Login policies are applied in the order of higher priority. The rules of the policy applied to a group will apply to all users in the group.
* If multiple policies are applicable to a user, the rules defined in the policy with the highest priority apply.