Enrollment policy
Enrollment policies define how users receive their enrollment link and which authentication methods are allowed during their first login (enrollment) and when they add a sign-in method from the Self-Service Portal.
Currently, only the built-in policy is available.
Go to Authentication > Enrollment Policies.
On the policy you want to configure, click the three-dots icon (
...) > Edit.Configure the parameters:
Parameter | Description |
|---|---|
Information | |
Default | Indicates the default policy. Automatically applied when no specific policy is assigned to a user. |
Name | The name of the enrollment policy. |
Applies to | Defines the scope of the policy:
|
User enrollment link settings | |
Distribution mode | Defines how the enrollment link is shared:
To generate an enrollment link for a user, go to their authentication methods and click on Generate an enrollment link. |
Send at user creation | If enabled, the enrollment link is automatically sent after user creation via the selected distribution mode. Default: Enabled |
Redirect URI after enrollment | The URL where the user is redirected after completing enrollment. This URL is used by default if none is specified in the direct API call. |
Link lifetime | Set the validity period of the enrollment link (in hours). Default: 120 hours |
Allowed authentication methods | |
Allowed | Select the authentication methods users can choose during enrollment and when activating an authentication method in the Self-Service Portal. Only the selected methods will be available during enrollment and when adding a new method through the Self-Service Portal. |
Forced | You can force one specific authentication method. If a method is forced, users can only enroll that method at first login. Additional methods can be added later via self-service. |
Click on Save to apply the settings.