Configuring Continuous Authentication

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 6 minutes
  • Configure continuous authentication (CA) policies to re-authenticate users when they attempt to access resources that you have protected.

    Before you begin

    • Role required: ca_admin
      Note:
      You must elevate your role to ca_admin.
    • You must install Zero Trust - Continuous Authentication (com.snc.zero_trust_continuous_authentication) to opt in to CA, which requires a license.
    • Enable the Continuous Authentication (glide.zta.continuous_authentication.enabled) system property. For more information, see System properties.
    • Activate the Integration - Multiple Provider Single Sign-On Installer (com.snc.integration.sso.multi.installer) plugin.
    • Understand the pre-work that is required before configuring CA for the instance. For more information, see Pre-work for Continuous Authentication.
    • CA policies can be configured for Data Class or Table.

    Procedure

    1. Navigate to All > Continuous Authentication.
    2. Select the Policies tab.
    3. Select New.
    4. On the form, fill in the fields:
      Table 1. Continuous Authentication
      Field | Description
      Policy Name | Name of the policy
      Description | Generic description of the policy
      Select the resources | Options:
      • Data Class. You can create a data class and use it for CA policy configuration.
        Note:
        To learn how to create a data class, see Data Classification.
      • Table
      Note:
      • A table selected with metadata displays an error.
      • Check whether you actually want to restrict access to the metadata table, because doing so can affect configuration access for your users.
      • The sys_properties, sys_continuous_auth_policy, and sys_user tables are excluded from CA and cannot be added to the CA policy configuration.
      [Figure: CA Policy record]
      Note:
      You can use either of the following login methods for the CA policy:
      • SSO-based login: Specify the fields in the Continuous Authentication tab within the Identity Provider record, and then set the Identity Provider record as Active.
        [Figure: Continuous Authentication - tab information]

        To learn more about Identity Provider configuration, see OIDC and SAML.

      • Non-SSO-based login: By default, if no Identity Provider has a Continuous Authentication configuration, Multi-factor Authentication (MFA) is used as the login method. Make sure the MFA properties are Active and configured based on your requirements. To learn more about MFA properties, see Multi-factor Authentication system properties.
    5. Select Save & Activate.

    Result

    Based on the details provided for the configuration, the CA policy is created with access control lists (ACLs) for the selected table or data class. You can view the details of the ACLs that are created by selecting View ACLs on the policy page.

    [Figure: CA ACL details]

    The CA policy that you created prompts the user for authentication to access the table or data class that you've protected using the policy, based on the following scenarios.

    • A user who performed a local login to the instance is shown platform MFA for step-up authentication.
      [Figure: MFA-SMS]

      Note:
      The user's recently used MFA factor is displayed for authentication.
    • A user who performed an SSO login (OIDC or SAML) to the instance is shown the SSO screen for re-authentication.
      [Figure: SSO - Screen]

    A high assurance session is now established for the user. The high assurance session is limited to the High Assurance session length (glide.zta.high_assurance.session.timeout) system property. If the high assurance session time exceeds the property length, the user is prompted for re-authentication or step-up authentication.
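
The following sketch is an added example, not ServiceNow code and not part of this documentation. It models the behaviour described above for table-based policies in plain JavaScript: excluded tables are rejected, the challenge type follows the original login method, and the high assurance window expires. Assumptions: all function and field names are hypothetical, the timeout is passed in milliseconds, and the window is counted from the moment the challenge succeeds.

```javascript
// Conceptual model only: hypothetical names, no ServiceNow platform API is used.
// Tables that the page lists as excluded from CA policy configuration.
const EXCLUDED_TABLES = new Set(['sys_properties', 'sys_continuous_auth_policy', 'sys_user']);

// Reject a policy whose resources include an excluded table.
function validatePolicy(policy) {
  const blocked = policy.tables.filter((t) => EXCLUDED_TABLES.has(t));
  if (blocked.length > 0) {
    throw new Error('Excluded from CA: ' + blocked.join(', '));
  }
  return { ...policy, tables: new Set(policy.tables) };
}

// Decide what happens when a session touches a table.
// timeoutMs stands in for glide.zta.high_assurance.session.timeout
// (unit assumed to be milliseconds in this model).
function evaluateAccess(session, table, policy, timeoutMs, now) {
  if (!policy.active || !policy.tables.has(table)) {
    return 'ALLOW'; // resource is not protected by an active policy
  }
  const since = session.highAssuranceSince;
  if (since !== null && now - since <= timeoutMs) {
    return 'ALLOW'; // high assurance session is still within its length
  }
  // No high assurance session, or it has exceeded the configured length:
  // SSO logins re-authenticate through SSO, local logins step up with MFA.
  return session.loginMethod === 'sso' ? 'SSO_REAUTH' : 'MFA_STEP_UP';
}

// Record a successful challenge: the high assurance window starts now.
function completeChallenge(session, now) {
  return { ...session, highAssuranceSince: now };
}
```

Running a session through `evaluateAccess` before and after `completeChallenge`, with `now` moved past the timeout, shows when users are prompted again.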

    To learn more about the end-to-end configuration of continuous authentication for table or data, see: