Authentication Policies


Authentication occurs when a client wishes to interact with the Controller. Authentication begins when the client receives an API Session and is complete when that API Session is fully authenticated. An API Session is a high-level security context that represents an authenticated session with either the Ziti Edge Client API or the Ziti Edge Management API.

Read more about Ziti Authentication

Access & Manage Authentication Policies

You can access and manage the Authentication Policies in the console by finding the icon on the left-hand side navigation menu:

and then clicking on the "Authentication Policies" tab on the top navigation menu:


Default Policies

CloudZiti has a default policy based on certificate authentication:


Adding Authentication Policies

To add a new policy, click on the symbol at the top right of the page.


The new Authentication Policy dialog will open:


Policy Name: Give the policy a name.

Primary Authentication Selection:

  • Certificate Based Authentication: Enable or disable certificate-based authentication
    • Allow Expired Certificates: Enable or disable the use of expired certificates
  • JWT Based Authentication: Enable or disable JWT authentication (requires at least one JWT Signer)

Secondary Authentication Selection:

  • Require JWT From: Select the JWT Signer
  • Require TOTP Code: Enable or disable the requirement for a Time-Based One-Time Password

Removing Authentication Policies

In order to remove an existing policy, you must ensure that no Endpoints are associated with the policy you wish to delete.


Select the policy you wish to delete and click on the symbol to delete.

If you still have any endpoints associated with the policy you wish to delete, you will receive the following error: 


Assigning Authentication Policies

Once you have created an Authentication Policy, you can assign it to existing Identities (Endpoints) or assign it during the creation of a new Identity (Endpoint).


In the Identities (Endpoints) dialog, you will find the following section, which allows you to select which Authentication Policy is assigned.

