Filter criteria (also called policy inputs) are used as inputs for policy conditions to verify and meet the requirements of an authentication request.

Use filter criteria to supply information authentication policies such as a user's IP address, roles, or groups. Add these criteria in the Policy conditions section of your policies.

There are seven types of filter criteria used in adaptive authentication. Your authentication policies can use one or more of these criteria to evaluate authentication requests.

Note: Location filter and Identity Provider filter are available with Zero Trust Access feature. For more information, see Zero Trust Access.
Table 1. Filter criteria types
TypeDescription
IP filter criteria Use IP filter criteria to filter users based on the user's IP addresses. Both IPv4 and IPv6 are supported.
Role filter criteria Use role filter criteria to filter users based on their roles.
Group filter criteria Use group filter criteria to filter users based on the user group to which the user belongs.
Location filter criteria Use location filter criteria to filter users based on the user location.
Identity Provider Attribute filter criterias Use the Identity Provider attributes that are received from SAML response from the IdP as a filter criteria for authentication.

Generic Criteria

In addition to the previously listed types, there are four generic filter criteria. These criteria do not appear in your filter navigator, but you can select them while adding policy inputs to your authentication policies.

Table 2. Generic filter criteria types
TypeDescription
Authentication Scheme Use to filter based on user's authentication scheme. This criteria is a choice type with two options:
  • User name and Password, which denotes a local login​
  • SSO, which denotes a Multi-SSO(SAML, OIDC, or Digest) based login.
Note: This Filter Criteria is available only when the Integration - Multiple Provider Single Sign-On Installer[com.snc.integration.sso.multi.installer] plugin is installed.
Identity Provider Use to filter based on the user's identity provider. Use along with the authentication scheme criteria to have granular control over login process. This criteria is a reference to the Identity Providers [sso_properties] table.
Note: This Filter Criteria is available only when the Integration - Multiple Provider Single Sign-On Installer[com.snc.integration.sso.multi.installer] plugin is installed.
Role-based MFA Use to filter based on the role-based MFA feature. This criteria is a boolean type filter criteria which denotes whether role-based MFA is enabled for the user.​
User-based MFA Use to filter based on the user-based MFA feature. This criteria is a boolean type filter criteria which denotes whether user-based MFA is enabled for the user.​
Trusted mobile app Trusted mobile app filter for enabling instance access from mobile app.