Okta Authentication Policy with Cloud Exchange

This guide explains how to set up an Authentication Policy in Okta, that with Cloud Exchange, can be used to control how users sign in to Cloud Exchange and other applications that are protected by Okta.

Click play to watch a video.

Configure an Authentication Policy in the Okta

1. 1. Go to Security and click Authentication Policies.
   2. Click Add a Policy.
   3. Enter a name and description for the policy.
   4. Select the applications that you want the policy to apply to.
   5. Click Add Rule.
   6. Add the Rule Name and add the other required rule conditions. In this example we are going to block any of the users in one particular Bad group that need to be blocked with the access of applications. All the users movement to the Bad group are done by the Cloud Exchange.
   7. In THEN Access is set to denied you can also choose other options with Allowed to further verify the user.
   8. Click on Save. Your Authentication Policy setup is completed.

   Set up in Cloud Exchange

   The User Risk Exchange module and the Okta plugin need to be already configured to complete these steps. If not done already, use these links to get instructions to configure these.

   User Risk Exchange Plugin

   Okta Plugin for User Risk Exchange

   

   1. 1. Log in to Cloud Exchange, go to User Risk Exchange, and open a Business Rule.
      2. Configure the Business Rule for any of the user Aggregate Score below 500.
      3. Click Save.
      4. After creating the Action Configuration, click Sync, and the user matching the business Rule will be added to BadGroup in Okta.

   Validate the Auth Policy

   Go to your End User Dashboard and you should not be able to access the application.