Policy Management
Policy Management gives administrators a centralized interface to define, review, and manage FIDO authentication policies across the organization. It features a structured table that lists all configured policies and provides controlled administrative actions to help preserve policy integrity and ensure compliance.
Policy Management Table
The Policy Management table displays all policies defined within the organization. It includes key metrics and actionable options to help administrators monitor and manage policy usage effectively.

The following table explains each column in the Policy Management table.
| Column | Description |
|---|---|
| Policy Name | The name assigned to the policy. |
| Type | Indicates whether the policy is Generic or Managed. Refer to the Policy Types section for detailed information on the types of policies. |
| Devices | Total number of authenticators to which the policy is assigned. |
| Users | Total number of users enrolled under the policy. |
| Status | Indicates whether a policy is ACTIVE or INACTIVE. ACTIVE: the policy is assigned to at least one device; editing is restricted to prevent disruptions to active deployments. INACTIVE: the policy is not assigned to any device; editing and deletion are permitted, allowing safe updates and cleanup. |
| Actions | Available actions, such as Edit and Delete policies. |
Caution
Policies can only be deleted when their status is Inactive. This safeguard prevents accidental removal of policies that are actively in use by devices or users.
Policy Types
Policies determine how authenticators are used and managed within the system. In Thales Authenticator Lifecycle Manager, you can create the following two types of policies:
- Generic Policy
  - Implements standard FIDO features and behaviors.
  - Ensures cross-vendor compatibility (for example, Thales, YubiKey, and other compliant devices).
  - Offers optional field configurations compatible with a variety of devices.
- Managed Policy
  - Provides Thales-specific enterprise capabilities that extend beyond standard FIDO features.
  - Includes advanced device management controls (for example, Admin PIN enforcement and enhanced compliance settings).
  - Designed for Thales devices requiring stricter operational governance.

Tip
- Use Generic policies for broad compatibility and simplified deployments.
- Use Managed policies when enterprise-grade controls and Thales-specific features are required beyond standard FIDO capabilities.
Manage Policies
Administrators can perform the following operations to manage policies:
Search Policies
The Search feature allows administrators to quickly locate policies. Use the search bar to filter policies and view their details based on either the policy name or type.

Create Policies
1. On the Policy Management screen, click Create Policy.

2. On the Create Authenticator Policy screen, under Policy Type Selection, select either the Generic Policy or Managed Policy option as per your preferred configuration.

3. Configure the policy parameters and click Save Policy.
Basic Information
- Policy Name (mandatory): A unique name for the policy (maximum 64 characters).
- Description (optional): A brief description to explain the purpose or scope of the policy.
- User PIN (mandatory): A secure user PIN to be assigned to a FIDO device. The PIN must be 4 to 6 characters long. This PIN will be set for FIDO devices.

Optional Enterprise Features
- Admin PIN (optional): A secure admin PIN to be assigned to a FIDO device. The PIN must be 16 characters long. This PIN will be set for unmanaged FIDO devices.
- Allowed Websites List (optional): The website(s) where FIDO devices, governed by this policy, are permitted for user authentication. Separate multiple services using semicolons (;).

Administrative Controls (Optional)
This section is used to configure controlled administrative actions.
- Minimum PIN Length (optional): Minimum PIN length (allowed range: 4 to 63 characters) required for user PINs to be set on FIDO devices.
- All device reset management (optional): Enables administrators to control the device reset functionality. When enabled, administrators can perform a factory reset on devices.

Basic Information
- Policy Name (mandatory): A unique name for the policy (maximum 64 characters).
- Description (optional): A brief description to explain the purpose or scope of the policy.
- User PIN (mandatory): A secure user PIN to be assigned to a FIDO device. The PIN must be 4 to 6 characters long. This PIN will be set for FIDO devices.

Enhanced Management Features
- Admin PIN (mandatory): A secure admin PIN to be assigned to a FIDO device. The PIN must be 16 characters long. This PIN will be set for unmanaged FIDO devices.
Note
The Admin PIN is used to enable advanced device management features.
- Allowed Websites List (optional): The website(s) where FIDO devices, governed by this policy, are permitted for user authentication. Separate multiple services using semicolons (;).

Administrative Controls
This section is used to configure controlled administrative actions.
- Minimum PIN Length (mandatory): Minimum PIN length (allowed range: 4 to 63 characters) required for user PINs to be set on FIDO devices.
- All device reset management: Enables administrators to control the device reset functionality. When enabled, administrators can perform a factory reset on devices.

After a policy is successfully created, it appears in the table with the Inactive status. Once an administrator assigns the policy to a device, the status automatically updates to Active.
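
A pre-check of planned policy values against the field limits listed in step 3, as an added example that is not part of the product or its documentation. It assumes the parameter set in which Admin PIN and Minimum PIN Length are mandatory belongs to the Managed policy type; the function names, dictionary keys and sample values are hypothetical.

```python
# Added example, not product code; all names here are hypothetical.
def parse_allowed_websites(raw):
    """Split the semicolon-separated Allowed Websites List into entries."""
    return [s.strip() for s in raw.split(";")] if raw.strip() else []

def validate_policy(policy):
    """Return a list of problems; an empty list means every field fits."""
    errors = []
    ptype = policy.get("type")
    if ptype not in ("Generic", "Managed"):
        errors.append("Type must be Generic or Managed")
    # Assumption: the mandatory Admin PIN / Minimum PIN Length set is Managed.
    managed = ptype == "Managed"
    name = policy.get("name", "")
    if not name or len(name) > 64:
        errors.append("Policy Name is mandatory, maximum 64 characters")
    user_pin = policy.get("user_pin", "")
    if not 4 <= len(user_pin) <= 6:
        errors.append("User PIN is mandatory, 4 to 6 characters long")
    admin_pin = policy.get("admin_pin")
    if admin_pin is None:
        if managed:
            errors.append("Admin PIN is mandatory for a Managed policy")
    elif len(admin_pin) != 16:
        errors.append("Admin PIN must be 16 characters long")
    min_len = policy.get("min_pin_length")
    if min_len is None:
        if managed:
            errors.append("Minimum PIN Length is mandatory for a Managed policy")
    elif not 4 <= min_len <= 63:
        errors.append("Minimum PIN Length must be in the range 4 to 63")
    elif len(user_pin) < min_len:
        # Cross-field check added here; the page does not describe one.
        errors.append("User PIN is shorter than Minimum PIN Length")
    sites = parse_allowed_websites(policy.get("allowed_websites", ""))
    if any(not site for site in sites):
        errors.append("Allowed Websites List has an empty entry")
    return errors

# Constructed sample input; PIN values are placeholders, not real secrets.
GOOD = {"type": "Managed", "name": "hq-managed", "user_pin": "482913",
        "admin_pin": "A" * 16, "min_pin_length": 6,
        "allowed_websites": "login.example.com; sso.example.org"}
BAD = {"type": "Managed", "name": "x" * 65, "user_pin": "1234",
       "min_pin_length": 8, "allowed_websites": "a.example;;b.example"}

if __name__ == "__main__":
    for label, pol in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, validate_policy(pol) or "ok")
```
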

Edit Policies
Policy editing is permitted only for policies with an INACTIVE status, ensuring safe and non-disruptive updates.
To edit an inactive policy:
1. On the Policy Management window, locate the target policy in the list and verify that the status is Inactive.

2. Click to edit the policy.

3. Review and update configuration settings as per the requirements.
Note
For field descriptions, refer to step 3 of the Create Policies section.

4. Click Update Policy to save changes.
Now, administrators can assign the updated policy to devices to make it ACTIVE.
Delete Policies
Policy deletion is permitted only for policies with an Inactive status, ensuring safe and non-disruptive cleanup.
1. On the Policy Management screen, locate the target policy in the list and verify that the status is INACTIVE.

2. Click to delete the policy.

3. The Delete Policy window is displayed. Click Delete to confirm the operation.

4. The policy is removed from the policy list table.
