Conditional Access

UniFed API link

Conditional Access in UniFed allows administrators to enforce security policies based on specific conditions, such as user location, device compliance, and risk levels. This ensures that only trusted users and devices can access sensitive resources, enhancing overall security.


Base URL - Staging


Conditional Access Start - This initiates security protocols based on predefined conditions. It evaluates user attributes, location, and device compliance to enforce access policies, ensuring secure and context-aware access to resources.


curl -i -X POST \
  -u <username>:<password> \
  'https://unifed-dev-api.infisign.net/unifed-auth-service/unifed/{tenant_id}/magic/auth/start/conditional/access' \
  -H 'Content-Type: application/json' \
  -d '{
    "emailId": "<string>"
  }'

emailId - example: sample@google.com


curl -i -X GET \
  -u <username>:<password> \
  'https://unifed-dev-api.infisign.net/unifed-auth-service/unifed/{tenant_id}/magic/auth/start/conditional/access'

emailId - example: sample@google.com



Get Conditional Access Settings - UniFed allows administrators to retrieve and review security policies that control user access based on conditions such as location, device, and risk level.

curl -i -X GET \
  -u <username>:<password> \
  'https://unifed-dev-api.infisign.net/unifed-log-service/loganalyzer/v1/{tenant_id}/access/application/preference'

Conditional Access Settings Update - Allows administrators to configure and enforce security policies based on user conditions.

curl -i -X PUT \
  -u <username>:<password> \
  'https://unifed-dev-api.infisign.net/unifed-log-service/loganalyzer/v1/{tenant_id}/access/application/preference' \
  -H 'Content-Type: application/json' \
  -d '{
    "enabled": true,
    "tenant_id": "string",
    "enable_ip_check": false,
    "ip_address": [
      "127.0.0.1",
      "128.0.0.1"
    ],
    "exclusion_ip_users": [
      "email",
      "email"
    ],
    "enable_geolocation_check": false,
    "latLong": [
      {
        "lat": 0,
        "long": 0,
        "radius": 2000,
        "label": "<string>"
      },
      {
        "lat": 0,
        "long": 0,
        "radius": 2000,
        "label": "<string>"
      }
    ],
    "location": [
      {
        "country": "India",
        "state": [
          "Tamilnadu",
          "Kerala"
        ]
      }
    ],
    "exclusion_geolocation_users": [
      "email",
      "email"
    ],
    "enforce_captcha": false,
    "enable_deviceid_check": false,
    "whitelisted_deviceids": [
      "string",
      "string"
    ],
    "brute_force_login": false,
    "max_login_attempts": 0,
    "max_login_attempts_duration": 0,
    "max_login_attempts_duration_in": "hours",
    "max_failure_login_attempts": 0,
    "max_failure_login_attempts_duration": 0,
    "max_failure_login_attempts_duration_in": "days",
    "max_login_throttling_rates": 0,
    "max_login_throttling_rates_duration": 0,
    "max_login_throttling_rates_duration_in": "weeks",
    "max_signup_throttling_rates": 0,
    "max_signup_throttling_rates_duration": 0,
    "max_signup_throttling_rates_duration_in": "minutes",
    "account_lockout_duration": 0,
    "account_lockout_duration_in": "months",
    "account_lockout_login_notify_user": false,
    "account_lockout_signup_notify_user": false,
    "redirect_id": "<string>"
  }'

enabled - to enable/disable the whole conditional access integration

tenant_id - Organization ID

enable_ip_check - enable/disable the IP address check

exclusion_ip_users - allows administrators to exempt specific IP addresses

enable_geolocation_check - enable/disable the location check

latLong - "lat": latitude, "long": longitude, "radius": in meters, "label": "XXXX"

location - "country": "India", "state": ["Tamilnadu", "Kerala"]


exclusion_geolocation_users - allows administrators to exempt users from specific geographic locations from conditional access policies.

enforce_captcha - enable/disable the captcha
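
A client-side check of the settings body before it is sent with PUT, as an added example that is not part of the UniFed documentation or API. The function name `lint_settings`, the rules it applies and the sample payload are assumptions made for illustration; the field names come from the request body above.

```python
import ipaddress

# Units seen in this page's sample body; treating them as the full set is an assumption.
UNITS = {"minutes", "hours", "days", "weeks", "months"}

def lint_settings(cfg):
    """Return findings for a settings payload before it is sent with PUT."""
    out = []
    ips = cfg.get("ip_address", [])
    if cfg.get("enable_ip_check") and not ips:
        out.append("enable_ip_check is true but ip_address is empty")
    for raw in ips:
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            out.append(f"ip_address: {raw!r} is not a valid IP address")
            continue
        if ip.is_loopback or ip.is_unspecified:  # likely a leftover sample value
            out.append(f"ip_address: {raw} is loopback or unspecified")
    zones = cfg.get("latLong", [])
    if cfg.get("enable_geolocation_check") and not (zones or cfg.get("location")):
        out.append("enable_geolocation_check is true but no latLong or location")
    for i, z in enumerate(zones):
        lat, lon = z.get("lat"), z.get("long")
        if not (isinstance(lat, (int, float)) and -90 <= lat <= 90
                and isinstance(lon, (int, float)) and -180 <= lon <= 180):
            out.append(f"latLong[{i}]: coordinates missing or out of range")
        elif lat == 0 and lon == 0:  # placeholder value in the sample body
            out.append(f"latLong[{i}]: lat/long 0,0 looks like a placeholder")
        if not z.get("radius", 0) > 0:  # radius is in meters
            out.append(f"latLong[{i}]: radius must be a positive number of meters")
    # Exclusion lists exempt users from a check; entries are assumed to be emails.
    for key in ("exclusion_ip_users", "exclusion_geolocation_users"):
        for user in cfg.get(key, []):
            if "@" not in str(user):
                out.append(f"{key}: {user!r} is not an email address")
    for key, value in cfg.items():
        if key.endswith("_duration_in") and value not in UNITS:
            out.append(f"{key}: unknown unit {value!r}")
    return out

# Constructed payload for illustration, not real tenant data.
SAMPLE = {
    "enable_ip_check": True, "ip_address": ["127.0.0.1", "10.0.0"],
    "exclusion_ip_users": ["email"], "account_lockout_duration_in": "fortnights",
    "latLong": [{"lat": 0, "long": 0, "radius": 2000, "label": "HQ"}],
}
if __name__ == "__main__":
    print("\n".join(lint_settings(SAMPLE)))
```

An empty result means none of these checks fired; it does not confirm that the service accepts the payload.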
