Defining Credibility Policies

You can define credibility policies for various groups or individuals within your organization. These policies assess, in real time, the credibility or risk of users when they log on to your organization’s network.

To control access, you assign a score to each of the categories important to you in the policies you define. Someone logging in from the headquarters’ LAN during regular working hours on a company-issued laptop would receive a higher score than someone accessing the network from an unsecured mobile phone.

Once a credibility policy is defined, it must be linked to a security policy in order to be enforced. Credibility policies can be linked to one or more security policies. The security policy has a “Risk-based” tab where risk-based authentication can be enabled or disabled at the policy level. This allows you to selectively enable risk-based authentication for some users if desired. If risk-based authentication is enabled for a security policy, you must choose credibility policies for both Managed clients and Unmanaged/Internet-based clients from the drop-downs shown below.

Credibility Policy Concepts.

Enabling Credibility-based Authentication

  1. In the PortalGuard window, click Edit Bootstrap.

  • Select an option from the Condition Type pulldown. In the example shown below, we have selected IP Address and named it Corp_LAN.

  1. Continue defining all the network types, and apply a relative score to each one. Click Save on the Category dialog to save the changes to the Network category, then click Save in the Credibility Policy window to commit all changes to the policy as a whole.

NOTE: Clicking Cancel on the Credibility Policy after making changes will lose ALL changes made to Categories or Identifiers for the policy during that edit session. You will be prompted for confirmation if this is the case.

When you have completed defining your network policy, the Credibility Policy window shows the name of the policy for the Network category, a list of the Identifiers you have defined with their scores in parentheses, and the total of those scores in the Maximum possible score box. The image below shows an example:

  1. If you want to define a radius around your location that would receive a higher relative score, as in the case of a campus, for example, click the Find a location! link.
  2. The Find Latitude and Longitude application appears. Find the coordinates for your location.
  3. Copy (Ctrl+C) the decimal-formatted values for latitude and longitude listed under Selected Location (Approximate) below the map. (Do not use the coordinates listed with degrees, minutes, and seconds.) Close the website.
  4. Paste the latitude and longitude into the fields in the Geolocation (GPS) section of the window.

In the Settings tab, select Device Operating System or Device Type.

Type a name for the Identifier and assign a score.

In the Settings tab, select the days of allowed access.

Specify a Start Time and End Time for allowed access. Note that hours are based on a 24-hour clock (military time).

Type a name for the Identifier and assign a score.

Click Save in the Identifier window. The Credibility Policy window appears, showing the time identifier and score. Note that the Maximum possible score has incremented to reflect the score you applied to the Time identifier.

Click Save in the Credibility Policy window.
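
As an added illustration (not PortalGuard's code or its actual algorithm), the sketch below models how Network, Geolocation, Device and Time Identifiers like the ones defined above could be scored for a single logon. It assumes a logon's score is the sum of every matching Identifier's score; the IP range, coordinates, radius and all names other than Corp_LAN are constructed.

```python
# Added illustration; the "sum every matching Identifier" rule is an assumption.
import ipaddress
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

def km_between(lat1, lon1, lat2, lon2):
    """Haversine distance in km between two decimal-degree coordinates."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def in_window(when, days, start, end):
    """days: weekday numbers (Mon=0); start/end: 'HH:MM' on a 24-hour clock."""
    now = when.strftime("%H:%M")
    if start <= end:
        return when.weekday() in days and start <= now < end
    if now >= start:  # window crosses midnight, evening part
        return when.weekday() in days
    # early-morning part belongs to the window opened the previous day
    return now < end and (when.weekday() - 1) % 7 in days

def near(ctx, lat, lon, radius_km):
    return ctx.get("gps") is not None and km_between(*ctx["gps"], lat, lon) <= radius_km

# Constructed policy: (category, identifier name, score, match function).
POLICY = [
    ("Network", "Corp_LAN", 40,
     lambda c: ipaddress.ip_address(c["ip"]) in ipaddress.ip_network("10.20.0.0/16")),
    ("Geolocation", "Campus", 20, lambda c: near(c, 40.7128, -74.0060, 2.0)),
    ("Device", "Windows_OS", 20, lambda c: c.get("os") == "Windows"),
    ("Time", "Business_Hours", 20,
     lambda c: in_window(c["when"], {0, 1, 2, 3, 4}, "08:00", "18:00")),
]

def max_possible(policy):
    """Total of all Identifier scores, as shown in 'Maximum possible score'."""
    return sum(score for _, _, score, _ in policy)

def credibility(policy, ctx):
    """Return (score, names of matched Identifiers) for one logon context."""
    hits = [(name, score) for _, name, score, match in policy if match(ctx)]
    return sum(s for _, s in hits), [n for n, _ in hits]

OFFICE = {"ip": "10.20.5.9", "gps": (40.7130, -74.0050), "os": "Windows",
          "when": datetime(2024, 3, 6, 10, 30)}  # constructed sample, a Wednesday
PHONE = {"ip": "203.0.113.7", "gps": None, "os": "Android",
         "when": datetime(2024, 3, 9, 23, 15)}   # constructed sample, a Saturday

print(credibility(POLICY, OFFICE), credibility(POLICY, PHONE), max_possible(POLICY))
```

The `in_window` helper also handles a Start Time later than the End Time (a window that crosses midnight), a case worth testing against the product before relying on an overnight access window.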