-
Allow Mobile Registration:
-
Setting to “True” enables users in the matching group to register a mobile app, with TruU as an authenticating device. A value of “False” will prevent users from registering
-
Setting to “True” enables users in the matching group to register a mobile app, with TruU as an authenticating device. A value of “False” will prevent users from registering
-
Select Enrollment Workflow:
-
Enrollment workflows require a self-service component from the registering user, and optionally allow for up to 2 additional identity verification steps (by a manager, and/or an Entitlement Group)
-
Enrollment workflows require a self-service component from the registering user, and optionally allow for up to 2 additional identity verification steps (by a manager, and/or an Entitlement Group)
-
Use same workflow for Re-enrollment:
-
By setting this to “False”, you can specify a different enrollment workflow for a first time user vs an existing user. For example, you might wish to allow a new hire to enroll with a password on their first day, but then use a passwordless flow for enrollment thereafter
-
By setting this to “False”, you can specify a different enrollment workflow for a first time user vs an existing user. For example, you might wish to allow a new hire to enroll with a password on their first day, but then use a passwordless flow for enrollment thereafter
-
Allow Public App:
-
Setting to “True” enables user to register using the TruU mobile app from the public app stores. A value of “False” will prevent use of the public apps; this should only be selected if deploying TruU by integrating our technology with another app using the TruU SDK, and/or if enabling users for FIDO security keys only
-
Setting to “True” enables user to register using the TruU mobile app from the public app stores. A value of “False” will prevent use of the public apps; this should only be selected if deploying TruU by integrating our technology with another app using the TruU SDK, and/or if enabling users for FIDO security keys only
-
Managed Device Only:
-
Setting to “True” restricts TruU enrollment to corporate managed mobile devices only
-
Setting to “True” restricts TruU enrollment to corporate managed mobile devices only
- Device Biometrics:
-
Setting to “Enabled” informs the mobile app to have the user enroll their device using the device biometrics. Setting to “Disabled” informs the mobile app that your organization does not wish to use biometrics with TruU and will result in enrollment asking the user to create a TruU app PIN only
-
Enrollment Requirements:
-
Setting to “Allow PIN Only” enables users to register a mobile device that does not have supported biometrics to enroll. A value of “PIN + Biometrics” will prevent users from enrolling a mobile device if the device does not have supported biometrics
-
Setting to “Allow PIN Only” enables users to register a mobile device that does not have supported biometrics to enroll. A value of “PIN + Biometrics” will prevent users from enrolling a mobile device if the device does not have supported biometrics
-
Select PIN Profile for Mobile Devices:
-
Choose a PIN Profile to specify the required PIN length and complexity rules for users enrolling mobile devices
-
Choose a PIN Profile to specify the required PIN length and complexity rules for users enrolling mobile devices
-
Allow Desktop Registration:
-
Setting to “True” enables users in the matching group to register a computer, with TruU as an authenticating device. A value of “False” will prevent users from registering
-
Setting to “True” enables users in the matching group to register a computer, with TruU as an authenticating device. A value of “False” will prevent users from registering
-
Select Enrollment Workflow:
-
Here you can define how your users will enroll with TruU. Enrollment workflows require a self-service component from the registering user, and optionally allow for up to 2 additional identity verification steps (by a manager, and/or an Entitlement Group)
-
Here you can define how your users will enroll with TruU. Enrollment workflows require a self-service component from the registering user, and optionally allow for up to 2 additional identity verification steps (by a manager, and/or an Entitlement Group)
-
Use same workflow for Re-enrollment:
-
By setting this to “False” you can specify a different enrollment workflow for a first time user vs an existing user. For example, you might wish to allow a new hire to enroll with a password on their first day, but then use a passwordless flow for enrollment thereafter
-
By setting this to “False” you can specify a different enrollment workflow for a first time user vs an existing user. For example, you might wish to allow a new hire to enroll with a password on their first day, but then use a passwordless flow for enrollment thereafter
-
Managed Device Only (MacOS):
-
Setting to “True” restricts TruU enrollment to corporate managed Mac computers only
-
Setting to “True” restricts TruU enrollment to corporate managed Mac computers only
-
Managed Device Only (Windows):
-
Setting to “True” restricts TruU enrollment to corporate managed Windows computers only
-
Setting to “True” restricts TruU enrollment to corporate managed Windows computers only
- Device Biometrics:
-
Setting to “Enabled’ informs the desktop authenticator to have the user enroll their device using the device biometrics. Setting to “Disabled” informs the desktop authenticator that your organization does not wish to use biometrics with TruU and will result in enrollment asking the user to create a TruU app PIN only
-
Enrollment Requirements:
-
Setting to “Allow PIN Only” enables users to register a desktop authenticator that does not have supported biometrics to enroll. A value of “PIN + Biometrics” will prevent users from enrolling a desktop authenticator if the device does not have supported biometrics
-
Setting to “Allow PIN Only” enables users to register a desktop authenticator that does not have supported biometrics to enroll. A value of “PIN + Biometrics” will prevent users from enrolling a desktop authenticator if the device does not have supported biometrics
-
Select PIN Profile for macOS:
-
Choose a PIN Profile to specify the required PIN length and complexity rules for users enrolling Macs (Mac Authenticator is currently available for Early Access customers only)
-
Choose a PIN Profile to specify the required PIN length and complexity rules for users enrolling Macs (Mac Authenticator is currently available for Early Access customers only)
-
Select PIN Profile for Windows:
-
Choose a PIN Profile to specify the required PIN length and complexity rules for users enrolling Windows
-
Choose a PIN Profile to specify the required PIN length and complexity rules for users enrolling Windows
-
Limit Device Enrollment:
-
Setting to “True” allows you to specify how many devices a user can enroll for authentication. When set to “True”, you must specify how many devices can be enrolled. If you allow multiple device types to be enrolled by a user (e.g. mobile, computer and 3rd party FIDO devices), you can optionally set limits for each.. A value of “False” enables users to enroll as many devices as they’d like
-
Setting to “True” allows you to specify how many devices a user can enroll for authentication. When set to “True”, you must specify how many devices can be enrolled. If you allow multiple device types to be enrolled by a user (e.g. mobile, computer and 3rd party FIDO devices), you can optionally set limits for each.. A value of “False” enables users to enroll as many devices as they’d like
Configuring Identity Verification Workflows Configuring Registration Policies