Configure user registration
User registration requires a user to register their authenticators at login.
Before the end of the registration period, users must log in to Identity as a Service using their password and register the configured second-factor authenticators. After the registration period has expired (or after users have enrolled their second-factor authenticators), password-only authentication is no longer allowed.
When registration is set, the user logs in to Identity as a Service for the first time using their password and is then prompted to register their second-factor authenticator. For example:
- If a grid card is set as a required authenticator, users must register their grid card and then respond to the grid card challenge.
- If Knowledge-Based Authenticator (KBA) is set to required, IDaaS prompts the user to set their questions and answers.
Configure Registration
- Click > Policies > Registration. The Registration pages appear.
- Click Registration. The Registration page appears.
- Select Registration Enabled to require users to register their authenticators the first time they log in to Identity as a Service.
- Set the User Registration Period in days.
  - For new users, days are counted starting from the day the user account is created.
  - For existing users, days are counted from the day the account is required to register.
  - Registration can be set by the administrator for individual users in bulk.
- From the Registration Authenticators list, set the available authenticators to Required, Optional, or Disabled. You must set at least one authenticator to required or optional.
- If you select Grid Card as required or optional, you must also do the following:
  - Select Enable Self Grid Card Assign to allow users to self-assign a grid card by serial number.
  - Select Enable Self Grid Card Create to allow users to create a new grid card during self-registration.

  Note: Ensure that the Registration Authenticators that you select are allowed for the applicable resource rule that protects access to the application.
- Set the Minimum Number of Second-factor Authenticators to the minimum number of authenticators a user must register.
- Optional. If you need to make changes to authenticators after your users have already registered, see Bulk user registration to force all users to re-register their configured second-factor authenticators.
- Click Save.
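The registration period is a window in which password-only login still works, so it is worth knowing which accounts are still inside it. The following is an added example, not Entrust code and not an Identity as a Service API: it models the settings above in plain Python to check a policy for consistency and list users who can still authenticate with a password alone. The class, field, and function names, the sample users, the rule that the minimum cannot exceed the usable authenticators, and the deadline-day boundary are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

@dataclass
class RegistrationPolicy:  # hypothetical model of the settings on the Registration page
    period_days: int       # User Registration Period
    authenticators: dict   # name -> "Required" | "Optional" | "Disabled"
    min_second_factors: int

    def problems(self):
        usable = [a for a, s in self.authenticators.items() if s != "Disabled"]
        issues = []
        if not usable:  # rule stated on the page
            issues.append("no authenticator is Required or Optional")
        if self.min_second_factors > len(usable):  # assumed consistency rule
            issues.append("minimum exceeds usable authenticators")
        return issues

@dataclass
class User:
    name: str
    window_start: date  # creation day (new user) or day registration was required
    registered: set = field(default_factory=set)

def registration_complete(policy, user):
    # Assumption: complete = every Required authenticator plus the minimum count.
    required = {a for a, s in policy.authenticators.items() if s == "Required"}
    usable = {a for a, s in policy.authenticators.items() if s != "Disabled"}
    done = user.registered & usable
    return required <= done and len(done) >= policy.min_second_factors

def audit(policy, users, today):
    """Users who can still log in with a password alone, soonest deadline first."""
    rows = []
    for u in users:
        deadline = u.window_start + timedelta(days=policy.period_days)
        # Assumption: the window closes at the start of the deadline day.
        if today < deadline and not registration_complete(policy, u):
            rows.append((u.name, (deadline - today).days))
    return sorted(rows, key=lambda r: r[1])

POLICY = RegistrationPolicy(14, {"Grid Card": "Required", "KBA": "Optional"}, 1)
TODAY = date(2024, 3, 10)  # all sample data below is constructed
USERS = [
    User("alice", date(2024, 3, 1), {"Grid Card"}),  # registered
    User("bob", date(2024, 3, 1)),                   # nothing registered yet
    User("carol", date(2024, 2, 1), {"KBA"}),        # window already expired
    User("dave", date(2024, 3, 8), {"KBA"}),         # required Grid Card missing
]
```

Calling `audit(POLICY, USERS, TODAY)` returns the accounts to chase before their deadline, with the days remaining for each.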