6.14. Policy checker¶
When configuring complicated policies, you may wonder if you configured the policies correctly and if the user
maria
in realm realm1
is able to enroll a Google Authenticator in the Selfservice Portal.
For this you can use the policy checker in the Web UI that can be accessed via Tools -> Check policy. (see The policy checker dialog).
The policy checker simulates the action with the user, that you enter in the dialog.
Then the system tells you, which policy will be applied. Therefore you always need to enter the username, the realm and an action, that you want to check.
Note
You can also check enrollment or authentication policies like maxtoken
or otppin
to determine,
how many tokens a certain user is allowed to own of if a certain user needs to authenticate with his OTP PIN
or his directory password.