Skip to main content

Policy configuration overview

When configuring an authentication policy, you have the option of configuring rules in the default policy and creating a custom policy. When a custom policy is created, the rules from the default policy are applied — to which you can customize to meet the security needs of your organization.

Each policy must have a minimum of two authentication rules at any given time. If you want to delete a custom policy, any resources still in that policy must be reassigned to another policy before deletion.


  • Be sure you have enabled at the global level, the multi-factor authentication (MFA) methods you want to make available to your users as part of the login workflow.

    For more information about setting up the global MFA methods, see Global multi-factor authentication (MFA) methods overview.

Next steps

Configure your policy rules like adaptive authentication, blocking rules, and login workflows.