Authentication occurs when a client wishes to interact with the Controller. Authentication begins when the client receives an API Session and is complete when the API Session is fully authenticated. API Sessions are a high-level security context that represents an authenticated session with either the Ziti Edge Client API or the Ziti Edge Management API.
Read more about Ziti Authentication
Access & Manage Authentication Policies
You can access and manage the Authentication Policies in the console by finding the icon on the left-hand side navigation menu:
and then clicking on the "Authentication Policies" tab on the top navigation menu:
Default Policies
CloudZiti has a default policy based on certificate authentication:
Adding Authentication Policies
To add a new policy, click on the symbol at the top right of the page.
The new Authentication Policy dialog will open:
Policy Name: Give the policy a name.
Primary Authentication Selection:
- Certificate Based Authentication: Enable or disable certificate-based authentication
- Allow Expired Certificates: Enable or disable the use of expired certificates
- JWT Based Authentication: Enable or disable JWT authentication (requires at least one JWT Signer)
- Choose the JWT Signer: Select the JWT Signer
Secondary Authentication Selection:
- Require JWT From: Select the JWT Signer
- Require TOTP Code: Enable or disable the requirement for a Time-Based One-Time Password
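A review check over the dialog settings described above, as an added example that is not part of the original page or CloudZiti's own code. It flags a policy with no primary method, accepted expired certificates, JWT authentication without a signer, or no secondary factor. The dictionary keys and sample policies are constructed for illustration and mirror the dialog fields; they are not the product's API schema.

```python
# Added example. Key names are hypothetical and mirror the dialog fields;
# they are not the product's API schema or export format.

def review_policy(policy):
    """Return a list of findings for one authentication policy dict."""
    findings = []
    primary = policy.get("primary", {})
    secondary = policy.get("secondary", {})
    cert = primary.get("certificate", {})
    jwt = primary.get("jwt", {})

    if not cert.get("enabled") and not jwt.get("enabled"):
        findings.append("no primary authentication method is enabled")
    if cert.get("enabled") and cert.get("allow_expired"):
        findings.append("expired certificates are accepted")
    if jwt.get("enabled") and not jwt.get("signers"):
        findings.append("JWT authentication is enabled without a JWT signer")
    if not secondary.get("require_jwt_from") and not secondary.get("require_totp"):
        findings.append("no secondary factor is required")
    return findings


# Constructed sample policies (not exported from any real network).
SAMPLE_POLICIES = [
    {"name": "cert-only",
     "primary": {"certificate": {"enabled": True, "allow_expired": False},
                 "jwt": {"enabled": False, "signers": []}},
     "secondary": {"require_jwt_from": None, "require_totp": False}},
    {"name": "contractors",
     "primary": {"certificate": {"enabled": True, "allow_expired": True},
                 "jwt": {"enabled": True, "signers": []}},
     "secondary": {"require_jwt_from": None, "require_totp": True}},
    {"name": "admins",
     "primary": {"certificate": {"enabled": True, "allow_expired": False},
                 "jwt": {"enabled": True, "signers": ["example-idp"]}},
     "secondary": {"require_jwt_from": "example-idp", "require_totp": True}},
]


def review_all(policies):
    """Map policy name -> findings, keeping only policies with findings."""
    report = {p["name"]: review_policy(p) for p in policies}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in review_all(SAMPLE_POLICIES).items():
        for finding in findings:
            print(f"{name}: {finding}")
```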
Removing Authentication Policies
In order to remove an existing policy, you must ensure that no Endpoints are associated with the policy you wish to delete.
Select the policy you wish to delete and click on the symbol to delete.
If you still have any endpoints associated with the policy you wish to delete, you will receive the following error:
Assigning Authentication Policies
Once you have created an Authentication Policy, you can assign it to existing Identities (Endpoints) or assign it during the creation of a new Identity (Endpoint).
In the Identities (Endpoints) dialog, you will find the following section, which allows you to select which Authentication Policy is assigned.