Default Policy & Authenticators

Overview

With Server 3.8.0, two RP applications are pre-packaged: the HYPR Default Workstation Application, and the HYPR Default Web Application. Each application comes with its own set of registration and authentication policies, and AAIDs (i.e. metadata of authenticators). A policy is a set of rules required to perform registration and authentication with the selected set of authenticators.

HYPR Default Workstation Application

This application is used to manage access for Desktop MFA Applications for Windows or Mac OS platforms.

🚧

Please note

There are two notifications at the top of the Control Center. These notify the user that the license key file has not been uploaded, and SSL Pinning is disabled. Please refer to their sections to learn more.

Authentication and Policy Management

Default authenticators, Native and PIN, are pre-installed.

Default Authentication Policies

Admins can view or edit the default policy by clicking on the 'pencil' icon.

After clicking the pencil icon, the admin can view the set of authenticators' metadata already uploaded and default policies.

Default Registration Policy

'defaultRegAction' is the registration policy. The user is prompted with authenticator options during device registration.

Default registration policy is Native ID OR PIN. This means during registration the users will be asked to enroll with their Native ID (for iOS: TouchID or FaceID, and for Android: Biometric prompt). The second registration option is the PIN authenticator which offers an alternative authenticator when a Native ID is unavailable.

Default Authentication Policy

defaultAuthAction is the default authentication policy - Native OR PIN

📘

Edit Policy

To learn more about editing policy, refer to the Editing RP Application section.

HYPR Default Web Application

This application should be used to manage access to Web Applications.

🚧

Please note

There are three notifications at the top of the Control Center. These notify the user that the license key file has not been uploaded, SSL Pinning is disabled, and a PUSH provider has not been selected. Refer to their sections to learn more.

Default Authentication Policies

Admins can view or edit the default policy by clicking on the 'pencil' icon (as shown in the image above). After clicking the 'pencil' icon, the admin can view the set of authenticators, AAIDs, and configured default policies.

Default Registration Policy

Default AAIDs are Native ID AND PIN

Default Authentication Policy

Default AAID is Native

Default Step-Up Authentication Policy

Default AAID is PIN