You can edit the default access policy to change the policy rules, and you can edit application-specific policies to add or remove applications and to change policy rules.

About this task

You can remove an application-specific access policy at anytime. The default access policy is permanent. You cannot remove the default policy.



  1. In the administration console Identity & Access Management tab, select Manage > Policies.
  2. Click the policy to edit.
  3. If this policy applies to Web or desktop applications, click Edit Apps to add or delete applications in this policy.
  4. In the Policy Rules section, Authentication Method column, select the rule to edit.

    The Edit a Policy Rule page appears with the existing configuration displayed.

  5. To configure the authentication order, in the then the user must authenticate using the following method drop-down menu, select the authentication method to apply first.
  6. (Optional) To configure a fallback authentication method if the first authentication fails, select another enabled authentication method from the next drop-down menu.

    You can add multiple fallback authentication methods to a rule.

  7. Click Save and click Save again on the Policy page.


The edited policy rule takes effect immediately.

What to do next

If the policy is an application-specific access policy, you can also apply the policy to applications from the Catalog page. See Add a Web or Desktop Application-Specific Policy