6.14. Policy checker¶
When configuring complicated policies, you may wonder if you configured the policies correctly and if the user
maria in realm
realm1 is able to enroll a Google Authenticator in the Selfservice Portal.
For this you can use the policy checker in the Web UI that can be accessed via Tools -> Check policy. (see The policy checker dialog).
The policy checker simulates the action with the user, that you enter in the dialog.
Then the system tells you, which policy will be applied. Therefore you always need to enter the username, the realm and an action, that you want to check.
You can also check enrollment or authentication policies like
otppin to determine,
how many tokens a certain user is allowed to own of if a certain user needs to authenticate with his OTP PIN
or his directory password.