Managing Authentication Policies

Disabling Authenticators

Select the application by clicking on the name in the left-side navigation bar. Select the 'Pencil' icon to make any adjustments to the authenticators used by your HYPR Mobile Client.

An authenticator in the HYPR Control Center represents a sensor that can be used to verify your identity. These include fingerprint, camera, or audio sensors that read your fingerprint, face, eye, voice, palm or a decentralized PIN. Authenticators can be turned on and off using the toggle switches within the application's Authenticator Management page.

When an authenticator is toggled off, you will be prompted to confirm if you want to completely disable the specified authenticator.

1468

🚧

Caution

While in production, disabling and enabling authenticators will impact all users enrolled with the authenticator.

Adding New Policies

An admin may add or modify authentication policies. These policies determine which authenticators are required for the given policy.

Admins can create a new policy by clicking Add Policy or modify an existing policy by clicking the 'Pencil' icon.

Each row and unique set (i.e. Set #1, Set #2, etc.) is a policy that the user may choose to use. The set will be determined by the user and enrolled authenticators required. Each selected authenticator in the set, combined by the plus symbol, is required to complete the authentication flow.

3335

Step 1. Give the action a name and add a new policy. The example below shows that PIN is required by the policy. Clicking the '+' icon next to the PIN in the first row creates an "AND" condition such that a mobile app user is required to use a "Step Up" authentication that includes setting up new PIN and another authenticator, such as fingerprint.

Step 2. Clicking the '+' and adding an authenticator in the second row augments the policy to enable a different set of biometrics in the event the first set could not be satisfied by the device.

For example, if this action is being performed and the mobile device does not have a requested authenticator, then the first set is not valid. The second set is then evaluated as the next option.

1138

Step 3. Finally, click 'Save' to save the policy.

📘

Note

The difference between adding and editing a policy is the former requires the admin to enter policy name and description.