The Administrator Sign-In Policies screen allows you to enforce context-aware authentication rules for Timus Manager administrators using behavior-based Zero Trust principles. These policies help you protect your infrastructure, applications, and sensitive data by dynamically responding to sign-in attempts based on risk factors and behavioral context.
📍 To access this screen, go to Zero Trust Security → Administrator Sign-In Policies
The main table lists both default and custom sign-in policies:
| Column | Description |
|---|---|
| Name | Name of the policy |
| Description | Summary of its purpose |
| Status | Current status of the policy |
Policies higher in the list are evaluated first. You can reorder them using drag & drop to change priority.
Create a Administrator Sign-In Policy
Click Create New to open the policy builder. You’ll configure the policy using four tabs:
Source
Specify the administrators this rule applies to:
- Add a Name and Description (optional)
- Select one or more administrators from the system
Condition
Define the sign-in context in which the policy is enforced:
| Field | Description |
|---|---|
| Risk Level | Any, Low, Medium, or High |
| Behavior Conditions | Select one or more behavior conditions (see supported types below) |
| Behavior Match Logic | All Selected Behaviors (AND) or Any Selected Behavior (OR) |
| Schedule | Limit policy to specific times/days if needed |
Supported Behavior Types
| Behavior Type | Purpose |
|---|---|
| New Device | Detects sign-ins from previously unseen devices |
| Out of Radius | Flags sign-ins from locations outside usual geographic range |
| New Country | Detects logins from new countries based on past activity |
| Impossible Travel | Detects geographically implausible login movement |
| Last Sign-In Date | Triggers if administrator hasn’t signed in recently |
| Untrusted IP | Flags risky IPs (proxy, botnet, TOR, abuse score, etc.) |
| Breached Email | Flags email addresses found in breach databases |
| Consecutive Failures at Same Account | Detects brute-force attempts on a single user |
| Consecutive Failures at Any Account | Detects credential stuffing attempts across administrators |
Action
Specify how the system should respond if the policy conditions are met:
| Option | Behavior |
|---|---|
| Allow | Permit access |
| Deny | Deny access |
| MFA - Email | Require email-based OTP |
| MFA - Authenticator App | Require app-based TOTP |
| Deny and Block IP | Deny access and blacklist the IP address |
You can configure multi-step MFA (e.g., Email + App fallback) to strengthen layered authentication.
Alerts & Notifications
Improve incident visibility and team coordination with real-time alerts:
- Alerts:
- Define Title, Severity, and Status
- Choose Trigger Results:
Success,Failure,Timeout
- Notifications:
- Define Title, Severity, and Status
- Choose Trigger Results:
Success,Failure,Timeout - Choose whether to notify matching administrators, specific administrators, or external recipients
Updated
Comments
0 comments
Please sign in to leave a comment.