• Documentation
• Platform
  • Multi Factor Flow
  • User Enrollment
  • Domain Attributes
• Guides
  • Admin Panel
  • User Management
  • Applications
  • Admin Logs
  • Authentication Logs
  • Administrator Roles
  • Policies
  • Hardware Tokens (OTP)
  • Software OTP Tokens
  • Email OTP
  • Bypass Codes
  • Devices
  • Phones
  • U2F Tokens
  • Push Number Matching
  • Passcode Grids
  • Authenticator App
  • Enrollment Email
  • LoginTC Managed
  • MSP Hub
• End-User Guides
  • iOS App
  • Android App
  • Chrome Extension
• Video Library
  • LoginTC Basics
  • LoginTC Policies
  • User Management
  • LoginTC MSP Hub
  • LoginTC RADIUS Connector
  • Authentication Methods Management
  • Offline Authentication
  • Cloud User Enrollment
  • On-Premises User Enrollment
  • Authentication Methods for Users
  • AD FS Walkthrough
  • Check Point Walkthrough
  • Cisco Walkthrough
  • Amazon Workspace Walkthrough
  • Barracuda Walkthrough
  • F5 Big-IP APM Walkthrough
  • Fortinet Fortigate Walkthrough
  • Ivanti VPN Walkthrough
  • Microsoft Entra ID Walkthrough
  • Microsoft Remote Desktop Web Access Walkthrough
  • Microsoft RRAS Walkthrough
  • OpenVPN Walkthrough
  • Outlook Web App
  • Palo Alto Walkthrough
  • SonicWall Walkthrough
  • Sophos Walkthrough
  • SSH Walkthrough
  • VMware Horizon View Walkthrough
  • WatchGuard Walkthrough
  • Windows VPN L2TP
  • LoginTC Managed Walkthrough
• Connectors
  • AD FS
  • Apache
  • Barracuda
  • Box
  • Check Point
  • Cisco ASA
  • Citrix NetScaler
  • Dropbox
  • Microsoft Entra ID External Authentication Methods (EAM)
  • F5 BIG-IP APM
  • Fortinet Fortigate
  • Freshdesk
  • Juniper
  • MariaDB
  • Netgate pfSense
  • Office 365
  • OpenAM
  • OpenVPN
  • OpenVPN AS
  • OWA
  • Palo Alto
  • PostgreSQL
  • Pulse Connect Secure
  • RADIUS
  • Two Factor Authentication (MFA) for RD Gateway (RADIUS)
  • Two Factor Authentication (MFA) for Remote Desktop Web Access (RD Web)
  • Sophos UTM
  • SonicWALL SRA
  • SiteMinder
  • Unix SSH
  • VMware Horizon View
  • Web
  • WatchGuard
  • WatchGuard Access Portal
  • Windows Logon and RDP
• Tools
  • User Sync
• REST API
  • Users
  • Domains
  • Tokens
  • Bypass Codes
  • Hardware Tokens
  • Sessions
  • Organizations
  • Client Libraries
• Downloads
• Release Notes
  • LoginTC RADIUS Connector
  • LoginTC AD FS Connector
  • LoginTC RD Web Access
  • LoginTC RD Gateway SSO
  • LoginTC Windows Logon Connector
  • LoginTC OWA
  • LoginTC Managed
  • User Sync Tool
• Service Status
• Knowledge Base
• Help

Policies Guide

• Overview
• Types
  • Organization Policy
  • Application Policy
  • Group Policy
• Managing
  • Create a Policy
  • Edit a Policy
  • Edit the Organization Policy
• Applying to an Application
  • Apply a Application Policy
  • Apply a Group Policy
  • Edit Group Policy priority order
• Policy Settings
  • Policy Details
  • Authentication Methods
  • Iframe Display
  • Time of Day
  • Geo-Location
  • Geo-Velocity
  • LoginTC App
  • Remembered Devices
  • Offline Authentication
• Troubleshooting

Overview

Policies are a set of rules that can be applied to a group of users during authentication. Policies work exclusively with Applications, for more information see Applications Guide.

Types

Policies allow administrators to dictate how and when users authenticate for a particular policy. There are three types of policies:

Organization Policy

The Organization Policy applies to the entire LoginTC Organization and is the default Policy when Application Policy and Group Policies are not present.

Application Policy

The Application Policy applies to all users authenticating to an Policy. It overrides the Organization Policy.

Group Policy

The Group Policy applies to specific group of users authentication to an Policy. It overrides both Organization Policy and Application Policy. Group Policies are in priority order. If a user is part of multiple groups, then the first Group Policy found will be the one applied.

Managing

Create a Policy

To create a new Policy:

1. Log in to LoginTC Admin
2. Click Policies
3. Click + Create Policy
4. Enter a Name and select desired policies:
5. Click Create

Edit a Policy

To edit an existing Policy:

1. Log in to LoginTC Admin
2. Click Policies
3. Click desired Policy
4. Perform desired edits
5. Click Save

Edit the Organization Policy

To edit the Organization Policy:

1. Log in to LoginTC Admin
2. Click Policies
3. Under Organization Policy section click Edit
4. Perform desired edits
5. Click Save

Applying to an Application

Policies can be applied to an Application as an Application Policy or a Group Policy. The Organization Policy is the defualt Policy applied when no other policies are present.

Apply a Application Policy

To apply an Application Policy:

1. Log in to LoginTC Admin
2. Click Applications
3. Click desired Application
4. Under Application Policy section click Apply Application Policy
5. Select the desired Application Policy from the dropdown
6. Click Apply

Apply a Group Policy

To apply a Group Policy:

1. Log in to LoginTC Admin
2. Click Applications
3. Click desired Application
4. Under Group Policy section click Apply Group Policy
5. Select the desired Group Policy from the dropdown
6. Select the desired Group(s), more than one Group can be selected
7. Click Apply

Edit Group Policy priority order

To edit Group Policy priority order:

1. Log in to LoginTC Admin
2. Click Applications
3. Click desired Application
4. Under Group Policy section click Edit Priority Order
5. Drag and drop Group Policies in desired priority order
6. Click Save Priority Order

Policy Settings

Policy Details

Specify a name a description for organizing your LoginTC policies.

Property	Explanation
Name	The name of the policy. This name will appear throughout the Admin Panel and in particular on the Applications policy management pages.
Description	A short description of this policy

Authentication Methods

Dictate which authentication methods are permitted for use.

Authentication Method	Explanation
LoginTC Push	Allow users to authenticate with push based authentication to their LoginTC app
Push Number Matching	When available, the user must match a displayed number when approving a request
Software One-time Password (OTP)	Allow users to authenticate with the software OTP token displayed in the LoginTC app
Passcode Grids	Allow users to authenticate with a passcode grid
Hardware Tokens	Allow users to authenticate with a hardware token associated with them
Security Keys	Allow users to authentication with a Security Key associated with them
Email One-time Password (OTP)	Allows users to authenticate with One-time Passwords (OTP) emailed to them
SMS One-time Password (OTP)	Allows users to authenticate with One-time Passwords (OTP) sent to them via SMS text messages
Phone Call	Allows users to authenticate by receiving a phone call
Bypass Codes	Allow users to authenticate using bypass codes in case they lose their 2nd factor device

Iframe Display

Control how the LoginTC iframe authentication window is displayed to users.

Property	Explanation
Normalize Iframe	When using iframe based authentication only, show options that are enabled
Iframe Logo	What logo to display in the top portion of the iframe window. The options are Default, Domain Image and Disabled.
Languages	Select which language options are shown in the iframe. The options are English, French and German

Time of Day

Enforce policy based on time of day.

Geo-Location

Enforce policy based on the location of the users access device. LoginTC retrieves geo-location information from the users access device IP address when available. If the IP Address is reserved or a local address, or unknown then the location will simply be unknown.

Geo-Velocity

Enforce policy based on the subsequent change of locations of the users access device from subsequent logins. LoginTC retrieves geo-location information from the users access device IP address when available.

LoginTC App

Specify which LoginTC Apps are permitted for authentication. When unchecked LoginTC Push, Software One-Time Password (OTP) and Offline QR Scan based authentication will be disabled. Future and existing tokens cannot be used for authentication.

Remembered Devices

Enforce policy to allow a Windows device to be remembered for specified duration until the user signs out of their machine, reboots, logs in offline or changes networks. This feature applies to console unlock logons.

Remembered devices also works offline when Offline Authentication is enabled and configured.

Offline Authentication

Specify offline authentication behaviour. Settings take effect next time the user logs in online into the LoginTC Windows Logon Connector.

Property	Explanation
Offline QR Scan Authentication	Allow users to authenticate using offline QR Scan
Passcode Grids	Allow users to authenticate with a passcode grid
Offline Bypass Codes	Allow users to authenticate using offline bypass codes. Allow up to a certain number of issued codes. Codes are regenerated each time the user logs in online
Hardware Token	Allow user to authenticate with offline hardware token associated with them
Security Keys	Allow users to authenticate using offline Security Key.
Authenticator App	Allow users to authenticate with a software token (OTP) using an authenticator app like Google Authenticator.
Offline Days Limit	Allow users to login up to a certain number of days when offline
Successful Offline Login Limit	Allow users to login a certain number of times when offline
Invalid Offline Login Limit	Limit invalid login attempts when offline

Troubleshooting

Need help? Please see our Help Page, Knowledge Base or contact us directly at support@cyphercor.com.