Only the password authentication method is configured in the default policy rules. You must edit the policy rules to select the other authentication methods you configured and set the order in which the authentication methods are used for authentication.

About this task

You can set up access policy rules that require users to pass credentials through two authentication methods before they can sign in. See Configuring Access Policy Settings.


Enable and configure the authentication methods that your organization supports. See Configuring User Authentication in VMware Identity Manager.


  1. In the administration console Identity & Access Management tab, select Manage > Policies.
  2. Click the default access policy to edit.
  3. In the Policy Rules section, click the authentication method to edit, or to add a new policy rule, click the + icon.
    1. Verify that the network range is correct. If adding a new rule, select the network range for this policy rule.
    2. Select the device that this rule manages from the and the user is trying to access content from drop-down menu.
    3. Configure the authentication order. In the then the user must authenticate using the following method drop-down menu, select the authentication method to apply first.

      To require users to authenticate through two authentication methods, click + and in the drop-down menu select a second authentication method.

    4. (Optional) To configure additional fallback authentication methods, in the If preceding Authentication Method fails, then: drop-down menu, select another enabled authentication method.

      You can add multiple fallback authentication methods to a rule.

    5. In the Re-Authenticate after drop-down menu, select length of the session, after which users must authenticate again.
    6. (Optional) Create a custom access denied message that displays when user authentication fails. You can use up to 4000 characters, which is about 650 words. If you want to send users to another page, in the Link URL text box, enter the URL link address. In the Link text text box, enter the text that should display as the link. If you leave this text box blank, the word Continue displays.
    7. Click Save.
  4. Click Save.