Blocking rules settings in a policy

Blocking rules are evaluated before authentication rules. When a user's behavior triggers any one of the blocking rules, the rule acts as a hard stop and access is denied.

  1. With a policy open in edit mode, select the Blocking Rules tab.

  2. When modifying a rule, you can do any of the following:

    • To remove a rule, click the minus icon.

    • To change the properties of the rule, click the blue rule link.

  3. To add a new blocking rule, click Add New Rule and choose from the following rule types:

    Dynamic Perimeter

    Rule to determine access based on whether the user login is or is not within a set distance from the previous location.

    For example, if the user login is more than 60 miles from the previous location, then the user is blocked.

    Country

    Rule to determine access based on whether the user login is or is not within a defined country.

    For example, if the user login is NOT in the United States, then the user is blocked.

    Geo-velocity

    Rule to determine access based on the speed of travel between the previous login and current login attempt.

    For example, if the user logged in from Los Angeles, California (point A) at 11:15 a.m. and then from New York, New York (point B) at 11:45 a.m. on the same day, then the user is blocked.

    Group

    Rule to determine access based on group membership.

    For example, if the user is not a member of a specified group, then the user is blocked.

    Note

    Before you can use this rule, groups must be defined in the data store for your organization.

    IP Range

    Rule to determine access based on IP ranges. You can enter individual values or a range of values in IPv4 format.

    For example, if the user login comes from any of the specified IP addresses, then the user is blocked.

    Threat Service

    Rule to determine access based on known risks associated with the login attempt as determined by the SecureAuth Threat Service.

    For example, if the user login is associated with a known threat, then the user is blocked.

    Note

    You must have a license to use this feature. To learn more about the Threat Service rule, contact your SecureAuth Account Manager.

    User

    Rule to determine access based on whether the user login is the same as the specified user ID.

    For example, if the user login matches the user ID, then the user is blocked.

    User Risk

    Rule to determine access based on user reputation and behavior factors associated with the login attempt.

    For example, if the login reputation and behavior of the user fall into the specified risk level, then the user is blocked.

    Note

    You must have a license to use this feature. To learn more about the Threat Service rule, contact your SecureAuth Account Manager.

  4. After you add the blocking rules, click Save.
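
The Dynamic Perimeter and Geo-velocity examples in step 3 can be worked through numerically. The following Python sketch is an added illustration, not SecureAuth code or the product's actual algorithm; the function names, the city coordinates, and the 600 mph speed limit are assumptions (only the 60-mile perimeter comes from the example above).

```python
import math
from datetime import datetime, timedelta

EARTH_RADIUS_MILES = 3958.8
PERIMETER_MILES = 60.0   # distance used in the page's Dynamic Perimeter example
MAX_MPH = 600.0          # assumed speed limit; the page states no value

def haversine_miles(a, b):
    """Great-circle distance in miles between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(h))

def triggered_rules(prev, curr, perimeter=PERIMETER_MILES, max_mph=MAX_MPH):
    """Return the blocking rules that the current login trips.

    prev and curr are (location, time) tuples: ((lat, lon), datetime).
    """
    miles = haversine_miles(prev[0], curr[0])
    hours = (curr[1] - prev[1]).total_seconds() / 3600
    if hours > 0:
        mph = miles / hours
    else:
        # Simultaneous or out-of-order timestamps: any movement is impossible travel.
        mph = math.inf if miles > 0 else 0.0
    rules = []
    if miles > perimeter:
        rules.append("dynamic_perimeter")
    if mph > max_mph:
        rules.append("geo_velocity")
    return rules

# Constructed sample data (approximate city coordinates, arbitrary date).
LOS_ANGELES = (34.0522, -118.2437)
NEW_YORK = (40.7128, -74.0060)
PASADENA = (34.1478, -118.1445)
T0 = datetime(2024, 1, 15, 11, 15)

if __name__ == "__main__":
    prev = (LOS_ANGELES, T0)
    for name, loc, minutes in [("New York, 30 min later", NEW_YORK, 30),
                               ("New York, 6 h later", NEW_YORK, 360),
                               ("Pasadena, 10 min later", PASADENA, 10)]:
        curr = (loc, T0 + timedelta(minutes=minutes))
        print(f"{name}: {triggered_rules(prev, curr) or 'allowed'}")
```

The Los Angeles to New York login 30 minutes later implies a speed of several thousand miles per hour and trips both rules, while the same trip six hours later trips only the distance-based rule, which is why the two rule types are configured separately.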