The page has been translated by Gen AI.

Policy

When logging in to SingleID or logging in to an application registered with SingleID, various settings such as login method, authentication session, and password must be set according to the organization’s security policy.

SingleID provides a policy management feature that allows for detailed settings for login and authentication information.
If you have purchased the anomaly detection feature (ADM), you can set it to analyze the user’s login behavior when logging in and alert the user to potential security threats when an unusual authentication is detected.

The policy features provided by SingleID are as follows:

  • Login policy
  • Authentication policy
  • Anomaly detection policy

Using SingleID’s policy feature, you can specify a detailed login method based on who logs in, when, in what environment, and to which application, creating a secure authentication environment that meets the organization’s security requirements.

Login Policy

The administrator can set a detailed policy on which authentication means can be used to authenticate when a user logs in to SingleID, and can create a conditional authentication policy for users authenticating in a specific environment if necessary.

Login policy can be configured using the following conditions:

  • Which application is logging in?
  • Who logs in?
  • In what environment do they log in?

To access the login policy menu, navigate as follows:

  • Admin Portal > Policies > Login Policy

Basic Login Policy

The Admin Portal has two default policies created as follows.

  • Admin Portal Policy: Policy to control Admin Portal access rights
  • Default Policy: Basic access control policy for users

The Admin Portal Policy is a login policy applied when logging in to the Admin Portal, and the Default Policy is a login policy applied when logging in to the user portal.

After integrating an application with SingleID, if no separate login policy is assigned, the Default Policy is automatically assigned as the basic login policy.

Notice
The above two basic policies cannot be deactivated or deleted.

Registering a Login Policy

The login policy defines the login settings for administrators and users. You can set login policies based on access environment, application, and situation.

The login policy can be registered through a 4-step screen as follows:

  1. General
  2. Assignment
  3. Initial Redirection
  4. Rules

General

In the general screen, enter the name and description of the login policy.

The fields to be entered are as follows.

| Name | Description | Required |
|---|---|---|
| Name | Enter the name of the login policy. | Required |
| Description | Enter the description of the login policy. | Required |
Table. General

Click the Next button to move to the assignment screen.

Assignment

In the assignment screen, specify the application to which the login policy will be applied.

| Name | Description |
|---|---|
| Filter | Filters applications by status. |
| Keyword Search | Searches by application name and description. |
| Detailed Search | Displays detailed search options for applications on the screen. |
| Assign Button | Displays the application assignment popup on the screen. |
| Assigned Application List | The assigned applications are displayed in a list format. The list starts empty. |
Table. Assignment
  1. Click the Assign button to display the application assignment popup on the screen.
  2. In the Application Assignment popup, select one or more applications to assign to the login policy and click the Assign button.
  3. If all applications have been assigned, click the Cancel button to close the Application Assignment popup.

Initial Redirection

The Initial Redirection screen specifies the user’s login screen entry method and login method:

  • Redirected to SingleID’s Sign-in page (login page)

  • Redirected to the external IdP


The explanations for the two methods are as follows:

  • If Redirected to SingleID’s Sign-in page is selected, the SingleID login page will be displayed to the user attempting to log in.
  • If Redirected to the external IdP is selected, the login page of the selected Identity Provider will be displayed to the user attempting to log in.
  • After selecting Redirected to the external IdP, you must select and specify the Identity Provider from the selection list.
  • If Redirected to SingleID’s Sign-in page is selected, you can optionally display a button at the bottom of the SingleID login screen that allows the user to log in through an Identity Provider.
  • With the option AND see the following external IdP buttons on the Sign-In page, you can set which buttons the login screen displays by clicking the text input box below and selecting one or more Identity Providers registered with SingleID.
Notice
For settings on registering an Identity Provider or displaying a registered Identity Provider on the login screen, refer to Identity Provider Registration.

Rules

On the Rules screen, you can modify or add login rules and set the priority between login rules.

| Name | Description |
|---|---|
| Rule List | The login rules are displayed on the screen in a list format. The Default Rule is displayed by default, and the Default Rule cannot be deleted. |
| Keyword Search | Searches by the name or description of the login rule. |
| Register Button | Registers a new login rule. |
| Complete Button | Registers the login policy. |
Table. Rule

Default Rule Setting

The login rule list on the rule screen displays the Default Rule by default.

The Default Rule cannot be deleted and can only be modified. Additionally, when one or more login rules are added, the priority of the Default Rule cannot be set. (It is always the lowest priority.)

To modify the Default Rule, follow these steps:

  1. Click on the Default Rule in the rule list.
  2. The WHEN condition of the Default Rule cannot be modified.
  3. The THEN result of the Default Rule can be modified.

| Name | Description |
|---|---|
| Access Permission Setting | Sets the access permission. |
| Mandatory Authentication Method | Sets the primary login method. Additional login methods can be displayed on the login screen besides the default login method. |
| MFA Authentication | Sets additional login to be required after the primary login is successful. |
| Terms and Conditions for Collecting Consent and Terms | Sets the terms and conditions to be displayed and consent to be obtained when the user logs in to SingleID for the first time. |
| Save Button | Saves the modified login rule. |
Table. Default Rule
You can select one of the following two options in the access permission setting:

  • Deny Access
  • Allow Access

If you select Deny Access, all user logins will be denied.

If you select Allow Access in the access permission setting, you can set the user’s login method.

Notice
  • If you selected Redirected to the external IdP as the login method on the Initial Redirection screen, the primary login setting will not be displayed on the screen.

  • Essential authentication methods are performed by the external Identity Provider based on the Initial Redirection settings.

    • To allow users to log in through multi-factor authentication, check the MFA authentication checkbox and select one or more authenticators in the text input box.

    • If you want to set up the terms and conditions agreement for users logging in to SingleID for the first time, check the terms and conditions agreement setting (d) checkbox and select one or more terms or conditions to be displayed on the screen in the text input box.

Add Rule

To add a login rule, follow these steps:

  1. Click the Register button at the top right of the rule list.
  2. Enter the name and description of the rule on the rule registration screen.
  3. Refer to the following to enter the rule items:
| Name | Description |
|---|---|
| Name | The name of the rule. |
| Description | Rule description. |
| User Group Assignment | Select the user group to which the rule will be applied. |
| Profile Attribute Assignment | Click the ‘Add’ button in the profile attribute assignment list to add attributes. For attribute descriptions and operator explanations, refer to the help below. |
| Group Settings | Specifies the group to which the logging-in user belongs. |
| User Attribute List | Specifies the attributes of the logging-in user and the conditions for each attribute. |
| Add User Attribute Button | Displays the “Add Attribute” popup on the screen. |
Table. Rule Addition
Access Environment
| Name | Description |
|---|---|
| Network | Specifies the IP or network range of the logging-in user. The default value is “IP address anywhere”. Listed values: Desktop, Mobile. |
| Platform | Specifies the device information of the logging-in user. The default value is “Any platforms”. Listed values: Desktop, Mobile. |
| Browser | Specifies the browser information of the logging-in user. The default value is “Any browsers”. Listed values: Edge, Chrome, Safari. |
| OS | Specifies the OS information of the logging-in user. The default value is “Any OS”. Listed values: Windows 10, Windows 11, Android, iOS. |
| AND Anomalies (Abnormal Behavior) | Sets the condition for whether an anomaly was detected during login. Anomaly detection condition setting is only possible for tenants who have purchased the Anomaly Detection Management (ADM) option. To use the anomaly detection function (ADM), you must select the additional option when signing the SingleID usage contract. If you want to use the anomaly detection function, you can make an additional purchase on the SCP product purchase page. |
Table. Access Environment

After setting all the “WHEN” condition areas, set the login method to be used when a user who meets the conditions logs in.

Guide

The following are the attributes of the user that can be selected.

User Attribute Information

| Attribute Name | Data Type | Required | Description |
|---|---|---|---|
| key | String | Required | Key |
| username | String | Required | ID |
| password | GuardedString | Required | Password |
| status | String | Required | Status |
| mustChangePassword | Boolean | Required | Password Forced Setting |
| suspended | Boolean | Required | Waiting Status |
| creator | String | - | Creator |
| creationDate | Date | - | Creation Date |
| lastModifier | String | - | Last Modifier |
| lastChangeDate | Date | - | Last Change Date |
| administrator | Boolean | - | Administrator |
| displayName | String | - | Display Name |
| cn | String | - | Common Name |
| local | String | - | Locale (Email Sending Standard) |
| userSource | String | - | User Source |
| syncDate | String | - | Last Sync Date |
| contractNumber | String | - | Contract Number |
| contractStartDate | String | - | Contract Start Date |
| contractEndDate | String | - | Contract End Date |
| agreementDate | String | - | Mandatory Agreement Date |
| accountStartDate | String | - | Account Usage Start Date |
| accountEndDate | String | - | Account Usage End Date |
| partnerOrganizationCode | String | - | Partner Company Code |
| approvalUser | String | - | Approval User ID |
| formattedName | String | - | Korean Display Name |
| familyName | String | - | Korean Last Name |
| givenName | String | - | Korean First Name |
| enFormattedName | String | - | English Display Name |
| enFamilyName | String | - | English Last Name |
| enGivenName | String | - | English Name |
| adDomain | String | - | AD Domain |
| nickName | String | - | Nickname |
| employeeNumber | String | - | Employee Number |
| epId | String | - | EP ID |
| email | String | - | Email Address |
| phoneNumberWork | String | - | Phone Number |
| mobile | String | - | Mobile Phone Number |
| title | String | - | Title |
| enTitle | String | - | English Title |
| titleCode | String | - | Title Code |
| entitlement | String | - | Position |
| department | String | - | Department Name |
| enDepartment | String | - | English Department Name |
| departmentCode | String | - | Department Code |
| organization | String | - | Company Name |
| enOrganization | String | - | English Company Name |
| organizationCode | String | - | Company Code |
| region | String | - | Location |
| userStatus | String | - | Employee Status |
| userType | String | - | Employee Type |
| securityLevel | String | - | Security Level |
| preferredLanguage | String | - | Preferred Language |
| executiveYn | String | - | Executive Status |
| timeZone | String | - | Time Zone |
| accountLocked | Boolean | - | Account Lock |
| accountAutoLocked | Boolean | - | Account Auto Lock |
| accountDisabled | Boolean | - | Account Disabled |
| accountSuspended | Boolean | - | Dormant Account |
| accountSuspendedTime | Date | - | Dormant Account Time |
| lastLoginTime | Date | - | Last Login Time |
| accountState | String | - | Account State |
Table. User Attributes

Operators are as follows.

| Operator | Description |
|---|---|
| Equals | Searches for users whose attribute value matches the condition value. |
| Not Equals | Searches for users whose attribute value does not match the condition value. |
| Starts with | Searches for users whose attribute value starts with the condition string. |
| Ends with | Searches for users whose attribute value ends with the condition string. |
| Contains | Searches for users whose attribute value contains the condition string. |
Table. Operators

THEN Settings

The THEN result area sets the login method and procedure.

In the access permission setting (a), you can select one of the following two options:

  • Deny Access
  • Allow Access

If Deny Access is selected, all user logins will be denied. (The default value of access permission setting (a) is Deny Access.)

To allow users to log in and set detailed login methods, select Allow Access.

| Name | Description |
|---|---|
| Access Permission Setting | Sets the access permission. |
| Primary Login Setting | Sets the primary login method. In addition to the default login method, additional login methods can be displayed on the login screen. |
| Additional Login Setting | Sets to require additional login after the primary login is successful. |
| Terms and Conditions Agreement Setting | Sets to display the terms and conditions and request agreement when the user logs in to SingleID for the first time. |
| PC SSO Agent Setting | Sets to check if a security program (Endpoint Security) is installed on the user’s PC using the PC SSO Agent. |
| Save Button | Saves the modified login rules. |
Table. THEN
  1. In the selection list of the primary login setting, select the Authenticator to be used for login.
  2. If you want to allow the user to log in with another Authenticator in addition to the selected primary login method, select the checkbox (V) of And allow another factors below: and select one or more Authenticators in the text input box.
Guide

If Redirected to the external IdP is selected as the login entry method on the Initial Redirection screen, the primary login setting will not be displayed.

The primary login is performed at the external Identity Provider according to the Initial Redirection setting.

  3. To allow users to log in through multi-factor authentication, select the checkbox (V) of the additional login setting and select one or more Authenticators in the text input field.
  4. To set the terms and conditions agreement when the user logs in to SingleID for the first time, select the checkbox of the terms and conditions agreement setting and select one or more terms or conditions to be displayed on the screen in the text input box.
  5. To check if a security program (Endpoint Security) is installed on the user’s PC using the PC SSO Agent, select the checkbox (V) of the PC SSO Agent setting. If this setting is enabled, login will be blocked for users who do not have a security program installed on their PC.

If the PC SSO Agent is not registered, the PC SSO Agent setting item will not be displayed on the screen. While the PC SSO Agent setting is enabled, instead of blocking the login of users who do not have a security program installed on their PC, you can require additional authentication by selecting the checkbox below and selecting one or more Authenticators in the text input box.

Click the Save button to register the login rule and return to the rule list.

Rule Priority Management

If one or more login rules have been added, the administrator can set the priority of the login rules. If a user meets the conditions set for multiple rules, the login method will be applied according to the rule with the higher priority.

To set the priority of the login rules, follow the procedure below.

  1. Drag the area to the left of the rule name in the rule list with the mouse.
  2. The priority of the login rules will be determined based on the position where they are dragged and dropped.
  3. The higher the position in the rule list, the higher the priority.
Note
The Default Policy has the lowest priority and cannot be changed.
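
The WHEN/THEN matching and priority order described above can be modeled as a first-match evaluator, much like the check Access Simulation performs. This is an added example, not SingleID code or its API: the `Rule` fields, the CIDR form for network ranges, the treatment of missing attributes, and the sample authenticator names and `userType` values are all assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# The five operators from the Operators table, applied to string values.
OPERATORS = {
    "Equals": lambda value, cond: value == cond,
    "Not Equals": lambda value, cond: value != cond,
    "Starts with": lambda value, cond: value.startswith(cond),
    "Ends with": lambda value, cond: value.endswith(cond),
    "Contains": lambda value, cond: cond in value,
}


@dataclass(frozen=True)
class Rule:
    name: str
    allow: bool = False              # THEN: new rules default to Deny Access
    primary: Optional[str] = None    # THEN: primary login Authenticator
    mfa: tuple = ()                  # THEN: additional login Authenticators
    groups: frozenset = frozenset()  # WHEN: empty = any user group
    attributes: tuple = ()           # WHEN: (attribute, operator, value)
    networks: tuple = ()             # WHEN: empty = "IP address anywhere"
    platforms: frozenset = frozenset()  # WHEN: empty = "Any platforms"
    browsers: frozenset = frozenset()   # WHEN: empty = "Any browsers"
    oses: frozenset = frozenset()       # WHEN: empty = "Any OS"


def matches(rule, user, env):
    """True when every WHEN condition of the rule holds for this login."""
    if rule.groups and not rule.groups & set(user.get("groups", ())):
        return False
    for attr, op, cond in rule.attributes:
        value = user.get(attr)
        # Assumption: a missing attribute satisfies no condition.
        if value is None or not OPERATORS[op](str(value), cond):
            return False
    if rule.networks:
        addr = ip_address(env["ip"])
        # Assumption: network ranges are written in CIDR notation.
        if not any(addr in ip_network(net) for net in rule.networks):
            return False
    checks = ((rule.platforms, "platform"), (rule.browsers, "browser"),
              (rule.oses, "os"))
    return all(not allowed or env.get(key) in allowed for allowed, key in checks)


def simulate(rules, default_rule, user, env):
    """Return (rule name, access, primary, mfa) for the rule that applies.

    `rules` is ordered like the rule list: higher position, higher priority.
    The Default Rule has no WHEN condition and always comes last.
    """
    for rule in list(rules) + [default_rule]:
        if rule is default_rule or matches(rule, user, env):
            access = "Allow Access" if rule.allow else "Deny Access"
            return rule.name, access, rule.primary, rule.mfa


def allow_without_mfa(rules, default_rule):
    """Names of rules that allow access with no additional login step."""
    return [r.name for r in list(rules) + [default_rule] if r.allow and not r.mfa]


# Constructed sample data. Authenticator names, userType values and the
# address range are placeholders, not values taken from SingleID.
DEFAULT_RULE = Rule("Default Rule", allow=True, primary="Password")
RULES = [
    Rule("Contractors on office network", allow=True, primary="Password",
         mfa=("OTP",), attributes=(("userType", "Equals", "contractor"),),
         networks=("10.0.0.0/8",)),
    Rule("Contractors elsewhere",
         attributes=(("userType", "Equals", "contractor"),)),
    Rule("Staff on mobile", allow=True, primary="Password", mfa=("OTP",),
         platforms=frozenset({"Mobile"})),
]
CONTRACTOR = {"username": "c.kim", "userType": "contractor"}
STAFF = {"username": "j.lee", "userType": "employee"}

if __name__ == "__main__":
    for user, env in [
        (CONTRACTOR, {"ip": "10.1.2.3", "platform": "Desktop"}),
        (CONTRACTOR, {"ip": "203.0.113.5", "platform": "Desktop"}),
        (STAFF, {"ip": "203.0.113.5", "platform": "Mobile"}),
        (STAFF, {"ip": "203.0.113.5", "platform": "Desktop"}),
    ]:
        print(user["username"], env, "->", simulate(RULES, DEFAULT_RULE, user, env))
    print("Allow without MFA:", allow_without_mfa(RULES, DEFAULT_RULE))
```

Swapping the first two rules denies the contractor even on the office network, which is why rule order deserves the same review as the rule contents.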

Policy Status Change

The status of the login policy managed by SingleID is as follows.

| Status | Description |
|---|---|
| Active | Login policy that is working normally |
| Inactive | Login policy that has been suspended by the administrator |
Table. Policy Status
Administrators can change the status of the login policy according to the current status of the login policy as follows:

| Current Status | Changeable Status | Description |
|---|---|---|
| Active | Inactive | You can change the active login policy to inactive by clicking the Deactivate button. |
| Inactive | Active | You can change the inactive login policy to active by clicking the Activate button. You can also delete the inactive login policy. |
Table. Policy Status
Notice

Two login policies provided by default in SingleID, Admin Portal Policy and Default Policy, cannot be deactivated.

When a login policy is deactivated, the applications assigned to the deactivated login policy will be automatically changed to be assigned to the default policy (Default Policy).

Policy Deactivation

To deactivate an active login policy, follow these steps:

  1. Click the policy you want to deactivate in the policy list to move to the policy details screen.
  2. Click the Deactivate button.
  3. Confirm the login policy information (the number of assigned applications, the number of rules included in the login policy) displayed in the Confirm popup, and then click the Deactivate button.
Notice

When a login policy is deactivated, the applications assigned to the deactivated login policy will be automatically changed to be assigned to the default policy (Default Policy).

Even if the deactivated login policy is changed back to active, the previously assigned applications will not be automatically reassigned.

Policy Activation

To change the login policy from inactive to active, follow these steps:

  1. Click on the policy you want to activate in the policy list to move to the policy details screen.
  2. Click the Activate button to change the status of the login policy to active.
Notice
When activating an inactive login policy, the status will be changed immediately without a separate confirmation popup.

Policy Deletion

The administrator can delete the login policy from SingleID.

To delete a login policy, follow these steps:

  1. Click on the policy you want to delete in the policy list to move to the policy details screen.
  2. If the login policy is activated, click the Deactivate button to deactivate the policy.
  3. Click the Delete button displayed at the top right of the deactivated login policy.
  4. A popup screen will appear to confirm the deletion of the login policy.
  5. To delete the login policy, confirm the policy information, enter the name of the policy you want to delete, and click the Delete button.
Note

Deleted login policies cannot be recovered.

When a login policy is deleted, the rules included in the policy are also deleted. Even if you register a login policy with the same name, the deleted rules or settings will not be recovered.

Access Simulation

As the number of login policies and rules increases, it can be difficult to understand which user is subject to which policy for login methods. SingleID provides an access simulation feature that allows administrators to quickly check the login policies and rules applied to users.

Using the access simulation feature, you can select a user and an application to access, and define the user’s login environment (network, device, browser, OS) to predict in advance what kind of login method the user will experience in different cases.

Additionally, if there are users who are having trouble logging in and need to review their requests, you can use the access simulation feature to quickly check and modify the policies or rules that are causing the problem.

To use the access simulation feature, click the Access Simulation button at the top right of the login policy list screen.

| Name | Description |
|---|---|
| User ID Input | Enter the user ID to be simulated. |
| Network Settings | Specify the IP of the user to be simulated. The default value is “IP address anywhere”. |
| Platform Settings | Specify the device information of the user to be simulated. The default value is “Any platforms”. |
| Browser Settings | Specify the browser information of the user to be simulated. The default value is “Any browsers”. |
| OS Settings | Specify the OS information of the user to be simulated. The default value is “Any OS”. |
| Application Selection | Select the application to be simulated. Click the application selection button to display a popup. |
| Run Simulation Button | Run the access simulation. |
| Simulation Results | Display the access simulation results on the screen. The login policies and rules applied to the specified user are displayed. |
| List Button | Return to the login policy list. |
Table. Access Simulation

To run the access simulation, follow these steps:

  1. Enter the ID of the user to be simulated.
  2. Specify the IP of the user to be simulated. You can select Specific IP Address and enter the IP directly. Enter the IP in the format 123.123.123.123.
  3. Specify the device information of the user to be simulated. You can select Platform and choose a device from the selection list.
  4. Specify the browser information of the user to be simulated. After selecting Browser, you can select a browser from the selection list.
  5. Specify the OS information of the user to be simulated. After selecting OS, you can select an OS from the selection list.
  6. Click the Application Selection button to select the target application to be simulated.
  7. In the Application Selection popup, click the radio button to the left of the application name to select the application, and then click the Add button.
Note

If you want to reselect the application, click the X button to the right of the selected application name, and then click the Application Selection button again.

  8. Click the Simulation Run button.
  9. The access simulation runs, and when it finishes, the login policy and rules are displayed on the screen according to the simulation result.

Authentication Policy

The administrator may need to change the detailed settings related to authentication according to the organization’s security policy.

SingleID manages the detailed settings related to authentication in the following four policies:

  • Session policy
  • Authenticator policy
  • MFA Service Provider policy
  • Password policy

To access the authentication policy menu, navigate as follows:

  • Admin Portal > Policy > Authentication Policy

To modify the authentication policy, click the Modify button at the bottom right of the authentication policy screen, change the settings, and then click the Save button.

Session Policy

To change the session policy, follow the procedure below:

  1. Click the Modify button at the bottom right of the authentication policy screen.
  2. Set the maximum number of sessions that a user can create at the same time in the maximum session limit setting.
  3. The minimum value that can be set is 1, and the maximum value is 100. If set to 1, the user can only log in from one browser at a time and cannot log in from multiple PCs or browsers simultaneously.
  4. In the session priority setting, you can set the priority of the session created by the user. The priority can be one of the following two options:
    • Old session
    • New session

If the maximum session limit is set to 1 and Old session is selected in the session priority setting, when a logged-in user attempts to log in from another PC or browser that is not logged in, the login will be blocked.

Additionally, if the maximum session limit is set to 1 and New session is selected in the session priority setting, when a logged-in user attempts to log in from another PC or browser that is not logged in, the session of the previously logged-in browser will be forcibly expired, and the session of the new PC or browser will be maintained.

In the maximum session time setting, you can set the maximum time to maintain a session.

The maximum session time can be one of the following two options:

  • No time limit
  • Set time limit

If set to No time limit, once a session is created, it will not expire automatically until the user logs out. If set to Set time limit and a time is set, the session will expire when the set time passes, and the user will be automatically logged out.

In the maximum idle session time setting, you can set the maximum idle session time. If the maximum idle session time is set, the session will expire if the user does not make an authentication request within the set time, and the user will be automatically logged out.

To save the changed settings, click the Save button at the bottom right of the authentication policy screen.

To discard the changed settings without saving, click the Cancel button at the bottom right of the authentication policy screen.

| Name | Description |
|---|---|
| Maximum session limit setting | Sets the maximum number of concurrent sessions for the user. |
| Session priority setting | Sets the priority between the old session and the new session when the number of concurrent sessions exceeds the maximum allowed. |
| Maximum Session Time Setting | Sets the maximum time to maintain a session after it is created. The session expires when the maximum session time elapses. |
| Maximum Idle Session Time Setting | Sets the time when a session expires if a user does not make an authentication request to the server for a certain period after the session is created. |
Table. Session Policy
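
The interaction between the session limit, the session priority and the two timeouts can be checked with a small model. This is an added example, not SingleID code: the class and method names are hypothetical, times are plain seconds supplied by the caller, and expiring the oldest session first when the limit is above 1 is an assumption (the text above only describes the limit-1 case).

```python
from dataclasses import dataclass
from typing import Optional

PRIORITIES = ("Old session", "New session")


@dataclass
class SessionPolicy:
    max_sessions: int = 1                      # maximum session limit, 1 to 100
    priority: str = "Old session"              # session priority setting
    max_session_seconds: Optional[int] = None  # None = "No time limit"
    max_idle_seconds: Optional[int] = None     # None = no idle limit

    def __post_init__(self):
        if not 1 <= self.max_sessions <= 100:
            raise ValueError("maximum session limit must be between 1 and 100")
        if self.priority not in PRIORITIES:
            raise ValueError("priority must be 'Old session' or 'New session'")


@dataclass
class Session:
    sid: str
    created: float
    last_request: float


class SessionStore:
    """Per-user sessions, oldest first. Times are seconds passed in by the caller."""

    def __init__(self, policy):
        self.policy = policy
        self.sessions = {}

    def _live(self, user, now):
        # Drop sessions past the maximum session time or the maximum idle time.
        p = self.policy
        live = [
            s for s in self.sessions.get(user, [])
            if (p.max_session_seconds is None or now - s.created < p.max_session_seconds)
            and (p.max_idle_seconds is None or now - s.last_request < p.max_idle_seconds)
        ]
        self.sessions[user] = live
        return live

    def login(self, user, sid, now):
        """Return (accepted, ids of sessions forcibly expired)."""
        live = self._live(user, now)
        evicted = []
        if len(live) >= self.policy.max_sessions:
            if self.policy.priority == "Old session":
                return False, evicted          # existing sessions win: login blocked
            # "New session". Assumption for limits above 1: oldest is expired first.
            while len(live) >= self.policy.max_sessions:
                evicted.append(live.pop(0).sid)
        live.append(Session(sid, now, now))
        return True, evicted

    def request(self, user, sid, now):
        """An authentication request on a session; False if it has expired."""
        for s in self._live(user, now):
            if s.sid == sid:
                s.last_request = now
                return True
        return False


def second_login(priority):
    """Limit 1: log in from browser A, then from browser B ten seconds later."""
    store = SessionStore(SessionPolicy(max_sessions=1, priority=priority))
    store.login("user01", "browser-A", now=0)
    accepted, evicted = store.login("user01", "browser-B", now=10)
    return accepted, evicted, store.request("user01", "browser-A", now=20)


if __name__ == "__main__":
    print("Old session:", second_login("Old session"))
    print("New session:", second_login("New session"))
```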

Authenticator Policy

To change the Authenticator policy, follow the procedure below.

  1. Click the Edit button at the bottom right of the authentication policy screen.
  2. Set each item as follows.
  3. When the settings are complete, click the Save button.
| Name | Description |
|---|---|
| Available Authenticator Settings (for login policy) | Sets the Authenticators available for authentication. |
| Registration Authentication Method | Sets the primary identity verification method for users when registering an Authenticator. |
| Additional Authentication | Sets the additional identity verification methods allowed for users when registering an Authenticator, in addition to the primary method. |
| Account Search | Sets the authentication method for ID search. |
| Password Reset | Sets the authentication method for password search. |
| Unlock Setting | If a user fails to authenticate repeatedly using Authenticators, their ID will be locked. This setting allows you to specify a time after which the lock will be automatically released. |
Table. Authenticator Policy
Notice
  1. To remove an Authenticator specified in the available Authenticator settings, it must first be removed from all login policy rules.

  2. Configurable Authenticators can be registered in the Authenticator addition menu. Disabled Authenticators cannot be set in the available Authenticator settings.

Notice

If you haven’t purchased the MFA product

  • Available Authenticator settings (for login policy) will not be displayed on this screen.
  • To purchase additional MFA products, please contact us through Support Center > Inquiry.
Notice
  1. If a user fails to log in due to repeated incorrect password entries and is locked out, the lock will not be released even after a certain period of time. The password lock and release method should be set in the Password Policy.

  2. If you reset a user’s password in the user menu, you can release the lock before the lock release waiting time. Please refer to the password reset.

MFA Service Provider Policy

To change the MFA Service Provider policy, follow the procedure below.

  1. Click the Edit button at the bottom right of the authentication policy screen.
  2. Refer to the table below and set each item accordingly.
  3. When the settings are complete, click the Save button.
| Name | Description |
|---|---|
| Available Authenticator settings (for MFA Service Provider) | Sets the Authenticator that users can use when an authentication request occurs from the MFA Service Provider. |
| Terms and Conditions option | When a user is registered from the MFA Service Provider, it can display the terms and conditions and obtain the user’s consent. |
| Lock release settings | When an authentication request occurs from the MFA Service Provider and a user fails to authenticate repeatedly, the ID will be locked. It can set the time for the locked user to be automatically released after a certain period of time. |
Table. MFA Service Provider Policy
Notice
  1. To remove the specified Authenticator from the available Authenticator settings, the Authenticator must be removed from all MFA Service Providers first.

  2. The Authenticators that can be set are registered in the Authenticator addition menu. Disabled Authenticators cannot be set in the available Authenticator settings.

  3. To set up the terms and conditions to be displayed to the user and to request the user’s consent when the user authenticates from the MFA Service Provider for the first time, check the checkbox in the terms and conditions option and select one or more terms or conditions to be displayed on the screen in the text input box.

  4. If a user who authenticates from the MFA Service Provider repeatedly fails to authenticate, the user’s ID will be locked. To automatically unlock the lock after a certain period of time, set the lock release waiting time in the lock release settings.

Password Policy

To change the password policy, follow the procedure below.

  1. Click the Edit button at the bottom right of the authentication policy screen.
  2. Refer to the table below and set each item accordingly.
  3. When the settings are complete, click the Save button.
| Name | Description |
|---|---|
| Password History | You can set it to prevent the reuse of previously used passwords. Specify the number of recently used passwords to prevent reuse. Users cannot reuse any of the most recently used passwords, up to the number set above. |
| Password Expiration | Specify the password validity period. After the validity period has passed, you must change your password to log in. It can be set from 1 day to 365 days. |
| Password Lock | The user’s ID will be locked when the password is repeatedly entered incorrectly. Specify the number of repeated input failures. Lock release options: (1) Automatic lock release after the set time (minutes) (1-1,440): The account that exceeds the set failure count will be locked for the set time (minutes). Enter the automatic lock release time (minutes). (2) Automatic lock release after password reset. |
| Pattern and Complexity | Set the minimum length, minimum characters, numbers, etc. of the password. |
| Minimum Character Setting | Specify the minimum length of the password. |
| Minimum Alphabet Setting | Specify the minimum number of alphabetic characters to be included in the password. |
| Minimum Number Setting | Specify the minimum number of digits to be included in the password. |
| Minimum special character setting | Specifies the minimum number of special characters to be included in the password. |
| Maximum character setting | Specifies the maximum length of the password. |
| Allow using user ID as password | Sets whether to allow the user’s ID to be included in the password. |
Table. Password policy
Notice
A user locked out due to repeated password input failure must reset their password themselves to be unlocked. To change the status of a user locked out due to repeated password input failure, refer to Changing User Status.

Membership registration policy

To allow user membership registration, you must activate the membership registration policy, which allows registration of users other than those provisioned from the personnel system or IdP. It provides features to register, create, modify, and delete accounts through account synchronization, as well as invite users through the login screen or email.

To activate and use the membership registration policy, follow these steps:

  1. Go to Admin Portal > Policy > Membership registration policy.
  2. Activate Allow user membership registration.
  3. After activation, the Policy tab and User invitation tab will appear.
  4. Refer to the explanations of the Policy tab and User invitation tab below and set the policy.
  5. Once the settings are complete, click the Save button.

Policy

You can set general membership registration policies.

Name: Description
Display membership registration link on login screen: Displays the membership registration link on the SingleID login screen.
  • Display SingleID membership registration screen as a link: Select when using the SingleID membership registration screen as the default
  • Display external membership registration screen as a link: Select when you have a separate membership registration page
Terms and conditions option: Selects the terms and conditions agreement option during membership registration. During membership registration, you can apply terms and conditions separately.
Allow membership registration invitation: When activated, you can invite users by email. You can set it so that only invited users can join, without a separate membership registration page. In this case, joining through the SingleID membership registration link is not possible.
Registration Input Form: Sets the user attributes to be entered when signing up. Can be added as required.
ID Duplication Prevention Setting: If activated, a suffix (PostFix value) is added to the end of the ID at sign-up to prevent duplication. This prevents a newly registered ID from being the same as the ID of an existing auto-provisioned account. Since there are many cases where the ID value is the same, enabling this setting is recommended.
Maximum Usage Period: Sets the maximum usage period after signing up. Can be set from 1 to 2000 days.
Approval when Signing up: When the sign-up approval setting is activated, a registered approval policy can be loaded and set.
Table. Policy Tab

Approval Policy

The administrator can select the approval system and set the policy according to the type, such as sign-up policy and app access policy, with various approval lines. Various approval policies can be applied flexibly whenever the security policy changes.

Two approval systems are supported: SingleID's own approval function and the Knox Portal approval system. If you need to link with another approval system, please request it through 1:1 inquiry.

To check the approval policy, follow the path below.

  • Admin Portal > Policy > Approval Policy

Approval Policy List

Name: Description
ID: Automatically generated ID when creating an approval policy.
Approval System: Divided into SingleID and Knox Portal. If you need to register another approval system, please request it through 1:1 inquiry.
Type: Divided into app access and sign-up.
Status: Approval policy status. Unavailable means you need to change the approver and notifier.
Approval Use: Divided into in use and not in use. Click the Details button to view the applications using the approval policy.
Table. Approval Policy List

Approval Policy Registration

Click the Register button to set the approval system, type, approver, notification method, and approval period.

Name: Description
Approval System: 2 options are available.
  • SingleID: Self-approval, available through the user portal
  • Knox Portal: Samsung Knox Portal approval system, available for approval
Type: 2 options are available.
  • App Access: Select for application access permission requests
  • Membership: Select for membership registration requests
Approver: Select and register the approver and notifier.
Notification Method: Select the notification method used when an approval request is received by the approver and notifier.
Table. Approval Policy Registration

Anomaly Detection Policy

SingleID collects and analyzes user behavior information in real time before and after authentication to determine whether the authentication is abnormal. If the authentication falls into an abnormal authentication category, SingleID immediately notifies the user of the risk.

To access the anomaly detection policy menu, follow these steps:

  • Admin Portal > Policy > Anomaly Detection Policy
Notice
A detailed description of the anomaly detection policy menu is provided separately to customers who have purchased ADM. If you have not purchased the anomaly detection feature as an option, you will not be able to view the policy management menu in the Admin Portal. If you want to use the anomaly detection feature, please contact us through 1:1 inquiry or your sales representative.