Fixed Support Center Header - Freshdesk Template
Policy Management - Secret Double Octopus
?

Policy Management

Control authentication behavior and enforce security standards

Overview

Policy Management allows administrators to define how users authenticate, which authentication methods are allowed, how security requirements are enforced, and how policies are applied across users, groups, directories, devices, and portal access.

Key Capabilities

Modify Authentication Policies

Adjust authentication requirements and flows, including password requirements, authenticator settings, security protocol behavior, and additional protection mechanisms.

Apply Policies to Users and Groups

Scope and enforce policies across the environment by applying the relevant settings to directories, users, groups, devices, and self-service options.

Before You Begin

  • Make sure you have administrator access to the Octopus Management Console.
  • Review the organization security requirements before changing policy settings.
  • Save changes before navigating between policy sections.
  • Validate changes with a limited user group before applying them broadly.

1. Modify Directory Authentication Policies

Directory policy settings allow administrators to define authentication behavior for users associated with a specific directory.

Step 1: Navigate to Directories

Log in to the Octopus Management Console and navigate to the Directories section.

Navigate to Directories

Step 2: Select a Directory

Select the relevant directory from the list.

Select Directory

Step 3: Open the Policy Tab

Click Policy to view and modify directory policy settings.

Open Policy Tab

Step 4: Adjust Policy Settings

Adjust the required authentication parameters, such as password length or other policy controls.

Adjust Password Length

Step 5: Save Changes

Save the current policy changes before navigating to another tab or section.

Save Policy Changes
Admin Note: Policy changes may affect user authentication behavior. Always confirm the expected impact before applying changes in production.

2. Configure Authenticator Policy Settings

Authenticator settings define how authentication methods are configured and enforced for the selected directory.

Step 1: Open Authenticators

From the selected directory, open the Authenticators tab.

Open Authenticators Tab

Step 2: Select Algorithm

Select the required algorithm from the dropdown menu, such as SHA256.

Select SHA256 Algorithm
Recommended Practice: Keep authenticator settings aligned with the organization security baseline and avoid using legacy or compatibility settings unless required for a specific use case.

3. Apply Policies to Users and Groups

Policies can be scoped and enforced for users and groups based on directory membership, user configuration, and administrative settings.

Step 1: Navigate to Manage Users

Open the Manage Users section.

Navigate to Manage Users

Step 2: Filter by Directory

Filter the user list by the relevant directory.

Filter Users by Directory

Step 3: Select User or Group

Select the specific user or group that you want to configure.

Select User or Group

Step 4: Open Settings

Click Settings.

Open User Settings

Step 5: Configure Auto-Enrollment

Choose whether to enable Auto-enroll according to the required policy.

Configure Auto-Enroll

Use Case: Auto-Enrollment

Auto-enrollment can help simplify onboarding by allowing eligible users to enroll automatically based on the applied policy. This should be enabled only when the user population and rollout process are ready.

4. Configure Device Policy Settings

Device policy settings allow administrators to control workstation limits, supported protocol versions, and compatibility behavior.

Step 1: Open Device Settings

Navigate to Settings > System Settings, and then click Devices.

Open Device Settings

Step 2: Configure Workstation Limit

Choose whether to limit the number of workstations per user.

Configure Workstation Limit

Step 3: Update Workstation Limit per User

If workstation limit is enabled, update the Workstation Limit per User field.

Update Workstation Limit per User

Step 4: Configure ADPA Version and Compatibility Mode

Choose the minimum supported ADPA version. The recommended version is V3, where supported. To strengthen security protocols, disable Compatibility Mode when it is no longer required.

Configure ADPA Version and Compatibility Mode

Step 5: Set Minimum Supported ADPA Version to V3

Set the Minimum Supported ADPA Version to V3.

Set Minimum Supported ADPA Version to V3

Step 6: Save Device Settings

Click Save to apply the device policy configuration.

Save Device Settings

Important

Before disabling Compatibility Mode, confirm that all relevant clients and services support the selected ADPA version. Disabling compatibility too early may impact older clients.

5. Configure Push Fatigue Protection

Push Fatigue Protection helps reduce the risk of repeated or unwanted authentication prompts by enforcing additional controls around push-based authentication.

Review Push Fatigue Protection

Check the Push Fatigue Protection settings and align the configuration with the organization security policy.

Push Fatigue Protection
Security Recommendation: Push Fatigue Protection should be reviewed as part of the organization’s authentication hardening process.

6. Configure Self-Service Portal Access

Self-service portal settings define which services are available to end users through the portal.

Step 1: Open Self Service

Navigate to Portal, click Self Service, and choose the services to allow for end users.

Open Self Service

Step 2: Review Available Services

Review the available self-service options.

Review Self Service Options

Step 3: Choose Allowed Services

Choose the services that should be available to end users and save the configuration.

Choose Allowed Self Service Options
Example: Organizations may allow users to manage specific authentication or recovery actions through the portal while restricting more sensitive actions to administrators.

Validation Checklist

CheckExpected Result
Directory policy updatedThe selected directory reflects the updated authentication policy.
Authenticator settings savedThe selected authenticator configuration is active.
User or group policy appliedThe correct user or group receives the intended policy behavior.
Device settings configuredWorkstation limits, ADPA version, and compatibility settings are aligned with policy.
Self-service options reviewedOnly approved end-user services are enabled.

Troubleshooting

IssueRecommended Action
Users are not receiving the expected authentication flowConfirm the user is assigned to the correct directory, group, and policy scope.
Policy changes are not reflectedVerify that the changes were saved and that the correct directory or user group was updated.
Older clients fail after policy hardeningReview ADPA version requirements and Compatibility Mode settings.
Users cannot access expected portal servicesReview the Self Service portal configuration and confirm the required services are enabled.

Summary

Policy Management is used to control authentication behavior, enforce security standards, and scope authentication rules across users, groups, directories, devices, and portal services. Administrators should review policy changes carefully, save each configuration update, and validate the impact before broad deployment.

Footer - Secret Double Octopus