Roles Criteria for Authentication Policies


Roles Criteria in Authentication Policies

Beginning in version 2022.6.8, RapidIdentity provides a Roles Criteria that can be defined within Authentication policies, as LDAP Criteria will be deprecated in January of 2023.

  1. To access this, navigate to Configuration > Authentication > Authentication Policies.

  2. Choose an Authentication Policy (or create a new one) and go to the Criteria tab. Select Roles.

  3. To enable the Roles criteria, click the checkbox next to Enabled.
    Note: This also identifies that you will be using Roles instead of LDAP Filters for this policy.
    From here you have three options:

    1. Add Role: From the dropdown box beneath the checkboxes, select the role this policy should be applied to.

    2. Apply to Everyone: This disables the Add Role dropdown and applies the policy to all users.
      Note: If Apply to Everyone has been selected, the Add Role dropdown and Inverse Match option will not be selectable.

    3. Inverse Match: This makes the policy apply only to users who are not members of the Roles added in the Add Role section.

Also note that the LDAP Criteria tab displays a flag encouraging admins to switch to Roles Criteria in light of the planned deprecation. Roles cannot be enabled if LDAP Filters are enabled.