Authentication

To enable Imply Hybrid (formerly Imply Cloud) Auth for your organization, contact your Imply account representative.

Imply Hybrid Auth provides secure authentication to Imply Hybrid through its built-in authentication service. You can enable one or more of the available built-in password policies or set up a new policy for your FreeOTP or Google Authenticator One-Time Password generator to validate one-time passwords.

This article describes how to use Imply Hybrid Auth to facilitate secure authentication to Imply.

Password policies

By default, new organizations do not have password policies associated with them. You can enable and customize password policies for users as required by the security policies of your organization.

To enable a password policy for your organization, follow these steps:

1. In the User management console, select Authentication.
2. Click the Password Policy tab.
3. Click Add policy to expand the policy options, and select a policy from the list. For example, you can configure a policy with these requirements:
   • Expire passwords after 30 days
   • Must have at least one upper case character and one special character
   • Must be at least eight characters in length
   • Must not be recently used
4. When finished, click Save.

This applies the settings throughout the organization. To configure policy settings at the user level, select the user first and then make the changes.

Password reset

To allow users to reset forgotten passwords, select Organization Settings from the left menu of the User management console. In the Login subtab, toggle the Forgot password switch. This surfaces the “Forgot Password” flow in the Imply Hybrid login screen.

Multi-factor authentication with one-time passwords

Multi-factor authentication (MFA) can significantly enhance user access security. Imply Hybrid Auth works with Google Authenticator and FreeOTP authenticator applications.

Imply Hybrid Auth has a number of policies you can set up for your FreeOTP or Google Authenticator One-Time Password generator. There are two different algorithms to choose from: Time Based (TOTP) and Counter Based (HOTP). Each algorithm comes with a set of configuration options.

To enable MFA with a one-time password policy, follow these steps:

1. In the User management console, select Authentication.
2. Open the OTP Policy sub-tab.
3. For the OTP Type, choose counter-based tokens or time-limited tokens.
4. Configure other settings based on your requirements, including the OTP hash algorithm, length of the token, and the look-ahead window, which sets a leniency period in case of a synchronization discrepancy between the token generator and server.
   The configuration options are as follows:
   • OTP Type: the type of the OTP.
   • OTP Hash Algorithm: the hashing algorithm used to generate the OTP.
   • Number of Digits: the number of digits in the OTP.
   • Look Ahead Window: the number of intervals or characters the server should look ahead.
   • OTP Token Period: (TOTP) the number of seconds an OTP token should be valid for.
   • Initial Counter: (HOTP) the value of the initial counter.
   • Supported Applications: applications that support the current OTP policy.
5. Click Save to apply the configuration.