CloudCodes For Business gives high security against any kind of suspicious attempts to account for any access with its multifactor authentication method.
For Apply the Policy Click on the "Add" button. You will get the below MFA policy page.
Title: Name your policy to identify it later when you want to make changes quickly.
Description: Short description for helping understand the policy if more than one admin is managing the account
Enabled: For some reason, if you want the policy to be disabled for some time and re-enable it, you can check/uncheck “Enabled” option as shown above.
Valid Always: You can decide the validity of the policy with the Valid Always button. Toggling this you can say whether you want a policy for a stipulated time or a policy that is always applied
Valid From and Valid To: If Valid Always is off, then you will have to provide the date range for which the policy needs to be applied. This way admin need not manually turn off the policy
Validation: After this, the admin has to select the validation method;
There are three options.
1)OTP
2)Google Authenticator.
3)Duo Push
Save Device: This policy allows users to log in with the saved devices without the multi-factor authentication from next time.
Expiration Days: The number of days after which the user will be asked for multi-factor authentication after saving his/her device.
9. Enforce: Enforce Policy includes:
Always
Corporate Network
Remember User IP -
A. Block Access :
B. Notify the admin and allow access.
C. Re-Register IP
9.1. On selecting Always, the users will be asked for multifactor authentication on each login.
9.2. Alternatively, if the admin opts for Corporate Network; all the users logging from the company’s network IPs will not be enforced for multi-factor authentication.
9.3. In Remember User IP option includes three more options, the users accessing the account with not registered IP address then
“Block access” option will block logging in from unregistered IP
The "Notify" option will notify the admin when the user logins from unregistered IP through email notification.
“Re-register IP” option the unregistered IP also gets registered and is not prompted for multifactor authentication.
10. Re-register: Allow the end user to re-register his/her account on Google Authenticator.
Add Users: This section is dependent on the option selected in the option type
- User-based: You can apply policies to specific users. In this case, the message is shown only to the users to whom the policy is applied. Admins can also add users one by one using the Add User button or add users in bulk using a CSV file import.
- Organization unit-based: A simpler way of applying policy on bulk users. This will apply policy to the Organization units created in CloudCodes For Business Console
- All OU: If the add-all OU checkbox is checked, the policy gets applied to all the domain users.
**********************************************************************************************************