Only the password authentication method is configured in the default policy rules. To use the other authentication methods you configured, edit the policy rules to select those methods and set the order in which they are applied.

You can set up access policy rules that require users to pass credentials through two authentication methods before they can sign in. See Configuring Access Policy Settings.

Enable and configure the authentication methods that your organization supports. See Configuring User Authentication in VMware Identity Manager.

1. In the administration console Identity & Access Management tab, select Manage > Policies.

2. Click the default access policy to edit.

3. To open a policy rule page to edit, click the authentication name in the Authentication Method column, or to add a new policy rule, click the + icon.

   a. Verify that the network range is correct. If adding a new rule, select the network range for this policy rule.

   b. From the "and the user is trying to access content from..." drop-down menu, select the type of device that this rule manages.

   c. Configure the authentication order. In the "then the user must authenticate using the following method" drop-down menu, select the authentication method to apply first.

      To require users to authenticate through two authentication methods, change "only" to "and" in the drop-down menu and enter a second authentication method.

      Note: All the authentication methods are listed in the drop-down menu, even if they are not enabled. Select only the authentication methods that are listed as enabled on the Connector > Auth Adapters page.

   d. (Optional) To configure additional fallback authentication methods if the first authentication fails, select another enabled authentication method from the next drop-down menu.

      You can add multiple fallback authentication methods to a rule.

   e. In the Re-Authenticate after field, enter the number of hours after which users must authenticate again.

   f. (Optional) Create a custom access denied message that displays when user authentication fails. You can use up to 4000 characters, which is about 650 words. If you want to send users to another page, add the URL in the Link URL field. In the Link text field, enter the text that should display for the link. If you leave this field blank, the word Continue displays.

   g. Click Save.

4. Click Save.
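Because the drop-down menus list authentication methods that are not enabled, it is worth checking each rule against the Connector > Auth Adapters page after saving. The following is an added example, not VMware code: it lints a hand-transcribed copy of a rule for the constraints stated in steps 3c through 3f. The `PolicyRule` structure, its field names, and the sample method names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

MAX_MESSAGE_CHARS = 4000  # limit given in step 3f

@dataclass
class PolicyRule:
    """Hypothetical, hand-transcribed copy of one rule from the policy page."""
    network_range: str
    device_type: str
    first_method: str
    reauth_hours: int
    second_method: Optional[str] = None  # set when "and" is selected (step 3c)
    fallbacks: List[str] = field(default_factory=list)  # step 3d
    denied_message: str = ""

def auth_chain(rule):
    """Attempts in order; each attempt is the tuple of methods that must all pass."""
    first = (rule.first_method,)
    if rule.second_method:
        first += (rule.second_method,)
    return [first] + [(m,) for m in rule.fallbacks]

def lint_rule(rule, enabled):
    """Return findings for one rule; `enabled` is the set of enabled method names."""
    findings = []
    for n, attempt in enumerate(auth_chain(rule), start=1):
        for method in attempt:
            if method not in enabled:
                findings.append(f"attempt {n}: {method} is not enabled")
    if rule.reauth_hours <= 0:
        findings.append("Re-Authenticate after must be a positive number of hours")
    if len(rule.denied_message) > MAX_MESSAGE_CHARS:
        findings.append(f"access denied message exceeds {MAX_MESSAGE_CHARS} characters")
    return findings

# Constructed sample data (not taken from a real deployment).
ENABLED = {"Password", "RSA SecurID"}  # as read from Connector > Auth Adapters
GOOD = PolicyRule("ALL RANGES", "Web Browser", "Password", 8,
                  second_method="RSA SecurID")
BAD = PolicyRule("ALL RANGES", "Web Browser", "Password", 0,
                 second_method="RADIUS", fallbacks=["Kerberos"],
                 denied_message="x" * 4001)

if __name__ == "__main__":
    for name, rule in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, auth_chain(rule), lint_rule(rule, ENABLED))
```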