1. Log in to the HySecure Management Console as the SO (Security Officer).

2. Go to HyID Policy under AUTH MANAGEMENT. Click Add to create a new HyID Policy.

HyID Policy Name : Enter a name for the policy.

HyID Policy Description : Enter a description of the policy. This field is optional.

HyID Policy Type : Select HySecure as the type from the dropdown list.


3. In User Database, fill in the fields as below :

Select Authentication domain : Select the respective domain from the dropdown list.

Select Authorization Server : Select the option "Same as authentication Server" from the dropdown list if it is the same, or select the Authorization server from the list.

Select Policy assignment Type : Select one of User / User Group / Organizational Unit, then select the corresponding entry in the Search bar.


4. In HySecure Authentication, fill in the details as below :

Enable Two factor authentication : Check this option to enable the MFA policy.

Disable Two factor authentication : Check this option to disable the created MFA policy.

Select 2FA tokens : Select the token types you want from Email Token / SMS Token / Email and SMS Token / Mobile token / Hardware Token.

Email and SMS OTP Configuration :

Select OTP token length : Select the number of digits in the OTP.

Select OTP token expiry time : Select how long the OTP is valid.

Enable OTP Token Use for Multiple Time : Check this option to allow the same OTP to be used multiple times.

Select OTP Token Regenerate Timeout : The OTP can be regenerated after the selected time.

Mobile token Configuration :

Select OTP token length : Select the number of digits in the OTP.

Select OTP token expiry time : Select how long the OTP is valid.

Enable OTP Token Use for Multiple Time : Check this option to allow the same OTP to be used multiple times.

Select OTP Token Regenerate Timeout : The OTP can be regenerated after the selected time.

Enable self-service mobile token registration for users : Check this option to allow users to register the mobile token through the self-service portal. This requires the ADCS role on AD.

Allow Re-activation of Same Device : Select to enable re-activation of the mobile token.

Allow Multiple Mobile Devices Per Users : Select to enable registration of the same mobile token on multiple devices.

Common OTP Configuration :

Account Lockout on Number of Failed Attempts : Select to disable user login after the specified number of failed attempts.

Account Lockout Time : After the specified time, the user will be able to log in again.

Risk Based Profile Configuration :

Disable OTP for WAN IP addresses : Select to disable OTP for the specified WAN IP addresses. Users will be able to log in directly without an OTP token.


5. Click the Submit button to create the policy.


NOTE : Please click the Help option in the top right corner for more details.
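
The step 4 settings interact: OTP length, lockout attempts and lockout time together decide how likely online guessing is to succeed, while OTP reuse and the WAN IP exception weaken the second factor on their own. The following is an added example, not HySecure code, that reviews one policy before it is submitted. The dictionary keys are hypothetical names for the form fields, and the estimate assumes guessing resumes after every lockout period against a newly generated OTP.

```python
# Added example: pre-submit review of the step 4 settings of one policy.
# The dictionary keys are hypothetical names for the form fields above.

def guess_probability(otp_digits, lockout_attempts):
    """Chance that guessing hits one OTP before the account locks."""
    return min(1.0, lockout_attempts / 10 ** otp_digits)

def daily_guess_probability(otp_digits, lockout_attempts, lockout_minutes):
    """Chance over 24 hours, assuming guessing resumes after each lockout
    period and every cycle faces a freshly generated OTP."""
    cycles = max(1, (24 * 60) // max(1, lockout_minutes))
    miss = 1.0 - guess_probability(otp_digits, lockout_attempts)
    return 1.0 - miss ** cycles

def review_policy(policy, max_daily_risk=0.01):
    """Return findings for one policy; an empty list means none were raised."""
    findings = []
    if not policy["two_factor_enabled"]:
        findings.append("2FA disabled: assigned users log in without an OTP")
    if policy["otp_multiple_use"]:
        findings.append("OTP reuse enabled: a code can be replayed while valid")
    if policy["lockout_attempts"] is None:
        findings.append("No account lockout: OTP guessing is not limited")
    else:
        risk = daily_guess_probability(policy["otp_digits"],
                                       policy["lockout_attempts"],
                                       policy["lockout_minutes"])
        if risk > max_daily_risk:
            findings.append(f"Guessing risk {risk:.1%} per day exceeds "
                            f"{max_daily_risk:.1%}: lengthen OTP or lockout")
    for ip in policy["otp_bypass_wan_ips"]:
        findings.append(f"OTP bypass for WAN IP {ip}: single-factor login")
    return findings

# Constructed sample policies (the IP is from a documentation range).
WEAK = {"two_factor_enabled": True, "otp_digits": 4, "otp_multiple_use": True,
        "lockout_attempts": 5, "lockout_minutes": 10,
        "otp_bypass_wan_ips": ["203.0.113.10"]}
STRONG = {"two_factor_enabled": True, "otp_digits": 6, "otp_multiple_use": False,
          "lockout_attempts": 5, "lockout_minutes": 30,
          "otp_bypass_wan_ips": []}

if __name__ == "__main__":
    for name, policy in (("WEAK", WEAK), ("STRONG", STRONG)):
        print(name, review_policy(policy) or "no findings")
```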