6.14. Policy checker

When configuring complicated policies, you may wonder if you configured the policies correctly and if the user maria in realm realm1 is able to enroll a Google Authenticator in the Selfservice Portal.

For this you can use the policy checker in the Web UI that can be accessed via Tools -> Check policy. (see The policy checker dialog).

../../_images/webui_popup_check_policy.png

The policy checker dialog

The policy checker simulates the action with the user, that you enter in the dialog.

Then the system tells you, which policy will be applied. Therefore you always need to enter the username, the realm and an action, that you want to check.

Note

You can also check enrollment or authentication policies like maxtoken or otppin to determine, how many tokens a certain user is allowed to own of if a certain user needs to authenticate with his OTP PIN or his directory password.