The Security Policies system in the eTag Fuse platform enables administrators to enforce consistent security rules across users, groups, roles, identity providers, and applications. By configuring security policies, administrators can define how users authenticate, manage their sessions, and interact with the platform, ensuring that security standards are met across the organization.
Security policies allow administrators to configure whether credentials can be persisted, such as enabling a "Remember Me" function for user sessions.
Administrators can define password policies that enforce password strength, complexity, expiration, and history requirements. This ensures that user credentials are strong and meet security standards.
Security policies allow administrators to control session behaviors, including session timeouts, idle time limits, and concurrent session restrictions.
MFA policies can be enforced to add an extra layer of security for user authentication. Administrators can configure MFA methods such as Time-based One-Time Passwords (TOTP), SMS codes, or email verification.
Administrators can define policies that restrict access to resources based on dynamic conditions, such as geolocation, time of day, or the user’s device.
Security policies can be applied to individual users or groups, allowing for tailored security configurations based on roles or organizational units.
Administrators can enforce certificate-based authentication, requiring client certificates to authenticate users or systems. This provides an extra layer of security, particularly for high-security environments.
Fuse enables administrators to configure security code and Time-based One-Time Password (TOTP) settings, defining how codes are generated, delivered, and verified.
Security policies in Fuse can be assigned to specific identity providers, ensuring that users authenticating through different providers are subject to the appropriate security controls.
MFA Enforcement for High-Risk Logins: An organization configures a security policy that requires MFA for any login attempts from outside the company’s network. Users logging in from unrecognized locations must verify their identity with a second authentication factor, such as an SMS code or authentication app.
Session Timeout Policies for Finance Department: A financial institution enforces strict session timeout policies for users in the finance department. Sessions automatically log out after 10 minutes of inactivity, ensuring that sensitive financial data is protected from unauthorized access.
Geolocation-Based Access for Remote Employees: A global company uses Fuse’s security policies to restrict access to sensitive systems based on geographic location. Remote employees can only access certain applications if they are located in specific countries, ensuring compliance with data residency regulations.
The Security Policies system in the eTag Fuse platform provides comprehensive tools for enforcing consistent security rules across users, groups, and identity providers. By configuring policies for authentication, access control, and session management, administrators can ensure that security standards are consistently applied across the entire platform.