...
Here is one way that we might wish to define our levels of authentication in a root policy on the server. These are subject to change based on research and evaluation by our IT security expert.
| Description | Level | Authentication Handler Ordered List | |
|---|---|---|---|
| ldap_strong_google | (LDAP username&password, strong password policy) + (Google Authenticator) | 45 | ldap(password_strength>=8), google_auth |
| ldap_strong_sms | (LDAP username&password, strong password policy) + (SMS) | 44 | ldap(password_strength>=8), sms_code |
| ldap_medium_google | (LDAP username&password, medium password policy) + (Google Authenticator) | 35 | |
| ldap_medium_sms | (LDAP username&password, medium password policy) + (SMS) | 34 | |
| ldap_strong | LDAP username&password, strong password policy | 33 | |
| ldap_medium_lan | (LDAP username&password, medium password policy) + (on the company LAN) | 32 | |
| ldap_medium | LDAP username&password, medium password policy | 30 | |
| trusted_partner | Trusted Partner* | 20 | |
| ldap_weak | LDAP username&password, weak password policy | 10 | |
| 10 | |||
| 10 |
...