Waveset policies set limitations for Waveset users by establishing constraints for Waveset accountID, login, and password characteristics.
Waveset also provides Audit policies that are specifically designed to audit user compliance. Audit policies are discussed in Chapter 13, Identity Auditing: Basic Concepts
Policies are categorized as the following types:
Identity System Account Policies. Establish user, password, and authentication policy options and constraints. You assign Identity System Account policies to organizations from the Create and Edit Organization pages or to users from the Create and Edit User pages.
You can set or select the following options:
User Account Policy Options. Specify how Waveset treats user accounts if a user fails to correctly answer authentication questions.
Password Policy Options. Set password expiration, warning time before expiration, and reset options.
Secondary Authentication Policy Options. Determine how authentication questions are presented to the user, whether the user can provide his own authentication questions, enforce authentication at login, and establish the bank of questions that can be presented to a user.
Service Provider System Account Policies. Use this policy type in a service provider implementation to establish user, password, and authentication policy options and constraints for service provider users. You assign the policies to organizations from the Create and Edit Organization pages or to users from the Create and Edit Service Provider User pages.
String Quality Policies. Includes policy types such as password, accountID, and authentication. Use to set length rules, character type rules, allowed words, and attribute values. This policy type is tied to each Waveset resource and is set on each resource page. The following figure provides an example.
You can set the following options and rules for passwords and accountIDs:
Length rules. Determine minimum and maximum length.
Character type rules. Set minimum and maximum allowable values for alphabetic, numeric, uppercase, lowercase, repetitive, and sequential characters.
Password re-use limits. Specify the number of passwords preceding the current password that cannot be reused. When a user attempts to change his password, the new password will be compared to the password history to ensure this is a unique password. For security reasons, a digital signature of the previous passwords is saved; new passwords are compared to this.
Prohibited words and attribute values. Specify words and attributes that cannot be used as part of an ID or password.
You create and edit Waveset user policies from the Policies page. To open this page, follow these steps:
Log in to the Administrator interface.
Click the Security tab, then click the Policies subtab.
The Policies page opens as shown in the following figure.