Enrollment policies define how users receive their enrollment link and which authentication methods are allowed during their first login (enrollment) and when they add a sign-in method from the Self-Service Portal.
Currently, only the built-in policy is available.
-
Go to Authentication > Enrollment Policies.
-
On the policy you want to configure, click the three-dots icon (
...) > Edit. -
Configure the parameters:
|
Parameter |
Description |
|---|---|
|
Information |
|
|
Default |
Indicates the default policy. Automatically applied when no specific policy is assigned to a user. |
|
Name |
The name of the enrollment policy. |
|
Applies to |
Defines the scope of the policy:
|
|
User enrollment link settings |
|
|
Distribution mode |
Defines how the enrollment link is shared:
To generate an enrollment link for a user, go to their authentication methods and click on Generate an enrollment link. |
|
Send at user creation |
If enabled, the enrollment link is automatically sent after user creation via the selected distribution mode. Default: Enabled |
|
Redirect URI after enrollment |
The URL where the user is redirected after completing enrollment. This URL is used by default if none is specified in the direct API call. |
|
Link lifetime |
Set the validity period of the enrollment link (in hours). Default: 120 hours |
|
Allowed authentication methods |
|
|
Allowed |
Select the authentication methods users can choose during enrollment and when activating an authentication method in the Self-Service Portal. Only the selected methods will be available during enrollment and when adding a new method through the Self-Service Portal. |
|
Forced |
You can force one specific authentication method. If a method is forced, users can only enroll that method at first login. Additional methods can be added later via self-service. |
-
Click on Save to apply the settings.