6. Policies

Starting with LinOTP version 2.3 also policies for users and administrators are supported. There are two different policy types. The first policy type is for users connecting to the Selfservice Portal. This way it is possible to define, which user from which realm is allowed to perform which action within the Selfservice Portal. The other policy type is for administrators managing the tokens. This way it is possible to define, that an administrator is only allowed to manage tokens within a certain realm. A policy consists of the values:

Active

If you want to turn off a certain policy, you do not need to delete the policy but you can mark the policy inactive.

Policy name

This is the name, just to identify the policy.

Scope

This is the scope, for which the policy is defined. Valid scopes are selfservice, admin, system and enrollment etc.

Action

This is the action, which means, if this policy is valid for a certain user, the user will be allowed to do this. Several comma separated actions may be entered here.

User

This is the username, for whom this policy will be valid. Several comma separated username may be entered here. For more information see Users in policies.

Realm

This is the realm, for which the policy is defined.

Client

The client IP or subnet for which this policy is defined. For more information see Clients in policies.

Time

N/A

• 6.1. Admin Policies
• 6.2. Audit Policies
• 6.3. Authentication Policies
  • 6.3.1. OTP PIN variants
  • 6.3.2. Authentication Passthrough
  • 6.3.3. Pass on no Token
  • 6.3.4. Challenge Response
  • 6.3.5. Forward Request to Remote Server
  • 6.3.6. Forward Request to Remote Server for User without Token only
  • 6.3.7. Setup KeyIdentity QR Token
  • 6.3.8. KeyIdentity Push Token Policies
  • 6.3.9. URL for QR-TAN Tokens
  • 6.3.10. Choose SMS Provider
  • 6.3.11. SMS Provider Failover
  • 6.3.12. Automatic SMS sending
  • 6.3.13. SMS Text
  • 6.3.14. Enforce SMS Text
  • 6.3.15. SMS Dynamic Mobile Number
  • 6.3.16. Choose E-mail Provider
  • 6.3.17. Email Subject
  • 6.3.18. Email Text
  • 6.3.19. Email dynamic address
  • 6.3.20. Automatically Disable or Delete Token
  • 6.3.21. Voice Token Policies
• 6.4. Authorization Policies
  • 6.4.1. Authorization
  • 6.4.2. Token Types
  • 6.4.3. Serials
  • 6.4.4. Setting Realms
  • 6.4.5. Returning Details on validation
• 6.5. Enrollment Policies
  • 6.5.1. Token limits per Realm
  • 6.5.2. Token limits per user
  • 6.5.3. Random OTP PIN
  • 6.5.4. Encrypted OTP PIN
  • 6.5.5. Token issuer
  • 6.5.6. Token labels
  • 6.5.7. Auto Assignment
  • 6.5.8. Ignore Auto Assignment Pin
  • 6.5.9. Autoassigment without Password Check
  • 6.5.10. Lost token
  • 6.5.11. Purge rollout tokens
  • 6.5.12. U2F App ID
  • 6.5.13. U2F Valid Facet
• 6.6. Notification Policies
  • 6.6.1. Token autoenrollment with user notification
• 6.7. Gettoken Policies
• 6.8. OCRA Policies
• 6.9. Reporting Policies
  • 6.9.1. Activate Reporting
  • 6.9.2. Configure Access
• 6.10. Selfservice policies
  • 6.10.1. OTP PIN policies
  • 6.10.2. Retrieving OTP values
• 6.11. System policies
• 6.12. Users in policies
  • 6.12.1. Extensions for user field in LinOTP =>2.8.1
• 6.13. Clients in policies
• 6.14. Policy checker
• 6.15. Importing and exporting policies
• 6.16. Best practice - policy example
  • 6.16.1. Administrators
  • 6.16.2. System
  • 6.16.3. Selfservice