Skip to main content

User registration

User registration requires a user to register their authenticators at login.

Before the registration period ends, users must sign in to IDaaS with their password and register the configured second-factor authenticators. After the registration period expires, or after users enroll their second-factor authenticators, password-only authentication is no longer allowed.

When registration is enabled, users sign in to IDaaS for the first time with their password and are then prompted to register their second-factor authenticators. For example:

  • If a grid card is set as a required authenticator, users must register their grid card and then respond to the grid card challenge.
  • If Knowledge-Based Authenticator (KBA) is set to required, IDaaS prompts users to set their questions and answers.

Configure user registration

  1. Click > Policies > Registration. The Registration pages appear.
  2. Click Registration. The Registration page appears.
  3. Select Registration Enabled to require users to register their authenticators the first time they log in to IDaaS.
  4. Set the User Registration Period in days.
    1. For new users, days are counted starting from the day the user account is created.
    2. For existing users, days are counted from the day the account is required to register.
    3. Registration can be set by the administrator for individual users in bulk.
  5. From the Registration Authenticators list, set the available authenticators to Required, Optional, or Disabled. You must set at least one authenticator to required or optional.
  6. If you select Grid Card as required or optional, you must also do the following:
    1. Select Enable Self Grid Card Assign to allow users to self-assign a grid card by serial number.
    2. Select Enable Self Grid Card Create to allow users to create a new grid card during self-registration.
      note

      Ensure that the Registration Authenticators that you select are allowed for the applicable resource rule that protects access to the application.

  7. Set the Minimum Number of Second-factor Authenticators to the minimum number of authenticators a user must register.
  8. Optional. If you need to make changes to authenticators after your users have already registered, see Bulk user registration to force all users to re-register their configured second-factor authenticators.
  9. Click Save.