Access policies control which users are authorized to access web applications, based on your criteria. For example, you can grant access to users from a specific Active Directory group, or deny access to users coming from a certain network. You use attribute values from the user store or user session to include or exclude users. All settings in an access policy apply to users in the user store(s) that you select. You use the Access Administration Console to add access policies.
RSA SecurID Access provides preconfigured access policies that you can use immediately without additional configuration. Any new identity sources you add to your Cloud Authentication Service deployment are automatically associated with the preconfigured policies. You can edit these policies directly or clone them and customize as needed. You cannot delete the preconfigured policies.
To access the preconfigured policies, sign in to the Cloud Administration Console and select Access > Policies.
Note:Depending on when your account was created in the Cloud Administration Console, you may or may not see these preconfigured policies.
Assurance Levels for Preconfigured Access Policies
The following table describes the preconfigured access policies with their assurance levels.
Access Policy Name
All Users Low Assurance Level
Requires additional authentication for all users at low, medium, and high assurance levels.
All Users Medium Assurance Level
All Users High Assurance Level
All Users Medium Assurance Level with Low Identity Confidence
Requires additional authentication for all users at medium assurance level when identity confidence is low.
Deployment License Changes
If your deployment license is downgraded, some authentication methods will no longer be available to the preconfigured policies. In these cases, you must reconfigure the assurance levels in the preconfigured policies.
If your deployment license is upgraded, you can add new authentication methods to the assurance level configuration, making them available to the preconfigured policies.
Cloning and Editing a Preconfigured Access Policy
When you clone a preconfigured access policy, RSA SecurID Access copies settings from the original policy to a new policy and names the new policy Clone of original_policy. You can edit the cloned policy to give it a different name and modify the settings. For instructions on cloning access policies, see Clone an Access Policy.
You can edit a preconfigured access policy without cloning. After editing, the policy no longer appears in the list of preconfigured policies but instead appears in the list of custom policies.
Note:If the original policy name is not appropriate after editing, make sure you rename the policy.
Cloned Access Policy Example
The following example displays the four preconfigured policies and a clone of the All Users Medium Assurance Level policy. The cloned policy appears at the bottom of the policy list.