Before you can begin to utilize Passly’s services for your organization, you must first configure your Provisioning and Authentication Policies. To access your policies, in the left-hand sidebar click “Policy Manager”. From there, click “Provisioning” to access the Provisioning Policy Settings.
A Provisioning Policy is the policy that dictates how Passly will onboard a new user when they are added to the system. When you first access this page, you will see that there are two policies already made: The Default Policy and the Full Onboarding Policy.
The Default Policy is the policy that dictates what should happen when a user is added to Passly but has not yet been granted access to the platform. The user will be onboarded in a “Created” status. This means a user has been created by you, the account holder, but has not yet been given access into Passly. Passly allows you to add as many users as you would like under your account, as it does not count against your licensing limit unless they are Active.
The Full Onboarding Policy is useful for users who are being added to the system and given access immediately. The options for “Enforce 2FA” and “Onboarding Email” are already selected for you. “Enforce 2FA” requires that users must activate 2FA through one of several methods when they login for the first time. The Onboarding email option automatically sends an email to enrolled users upon being added to the provisioned group. For more information on these options, please read the “editing policies” article.
To view/edit the settings of your default policy, click the three dots on the Default Policy row and choose Edit. Here, you will be able to configure an existing policy to meet your organization’s needs.
- Policy Name - This allows users to give their custom policy a title. If you create/edit a custom policy, you should give it a title that is indicative of the specific state/preferences you are assigning to it.
- Initial State - This option allows you to select the state associated with users under the policy. A state is a category in which users are sorted into according to their current status. The four statuses are the following:
- Created - The user has been added to your Passly user base but has not yet been given personal access to Passly.
- Provisioned - The user has been given an invitation to Passly but has not yet logged in. Typically, provisioned users must accept an email invitation to complete the onboarding process.
- Active - The user has been granted permission to utilize Passly under your licensed Passly account and has successfully registered themselves.
- Disabled - The user is a former user that had been previously provisioned under your license. They will not be able to access Passly unless they are re-provisioned.
- Enforce 2FA - In addition to registering to your Passly account, this user must register their device with the Passly two-factor authentication service. This can be accomplished in a multitude of ways, such as with a mobile device via the app, an SMS code, a Yubikey, etc. Once the user has successfully registered his or her device with Passly 2FA, access to your Passly will be granted.
- Onboarding Email - This option will automatically send an email out to provisioned users inviting them to register with Passly. If they click the invite button/link and follow the instructions given to them, they will become an active user.
- Agent Merge - Agent Merge will allow you to merge locally added users to established directory users if an identical user is detected in the uploaded directory. For example, if “Mary Smith” is added locally but is registered in an uploaded directory, selecting “Agent Merge” will automatically sync the existing user with the new one. If you attempt a directory sync without selecting the Agent Merge option, the imported duplicated user will not be synced. Keep in mind however, that it is recommended that the admin is not synced with any active directories in case a malfunction occurs.
You may add as many provision policies as you’d like by pressing the “+” icon back on the provision policy dashboard screen. The two policies aforementioned are a good starting point for setting up your organization with Passly.
To add a new policy, click the “+” button on the provision policy dashboard screen. You will be brought to a pop up screen with the same options as explained in the “editing policies” section. To save your settings, press the “save” button. To return back to the dashboard without creating the new policy, press the “cancel” button.