Authentication policy

You can require that users authenticate before they access a website, URL, or even a web application. These modes are available:
  • Require. Indicates that authentication is required. When you select this mode, you must select an identity provider. Users cannot access a website without authentication.
  • Optional. Indicates that the user can authenticate or skip authentication. This mode allows users to access websites without needing to log in. This is useful to reduce the service impact of locked accounts or of users forgetting their two-factor authentication token. With this mode, users can access all websites allowed by the policy.
  • None. Indicates that authentication is not required. If no threat is detected by ETP, the user is granted access to the requested website or URL.

If authentication is required or optional, you must associate an identity provider with the policy. An identity provider uses a directory service to manage users. This user information allows ETP to grant access to your users. The identity provider also includes authentication requirements that are enforced when users authenticate, such as factors of authentication for multi-factor authentication, the lifetime of an authenticated session, and more. For more information, see Identity providers.

You can restrict certain types of access to specific users or groups. For example, you can:
  • Allow only specific users or groups to access websites in a custom list.
  • Exempt uploads made by specific users or groups from data loss prevention (DLP) scanning. For more information on DLP, see Data loss prevention.
  • Allow specific users or groups to access websites or web applications based on risk level, category, category operation, application, and application operation. For more information, see Application visibility and control.