RapidIdentity Product Guide

Claim Policy

The Claim Policy Manager allows administrators to define a policy allowing new users to claim an account as their own.  

Multiple claim policies can be created to service different user groups.

One use case for multiple Claim policies is requiring users with privileged access to answer more specific questions (i.e., a specified Global Attribute List attribute), match a specific LDAP filter (i.e., the User Matching Filter), or be grouped according to a particular organizational unit in the directory service (i.e., the Search Base DN) in order to claim their account.

A claim policy consists of a list of attributes that a user must know about themselves in order to prove account ownership. For example, the attribute list could be a special code that HR emailed to the user (and that is stored in the LDAP directory) and/or a list of personal attributes such as birthdate, address information, or other specific identity values.

A new Claim Policy can be created by cloning an existing policy or clicking the plus icon. Existing Claim policies can be removed by clicking the minus icon.

When more than one Claim Policy exists, the up and down arrows can be used to prioritize the Claim policies.

The General Tab allows administrators to name and enable the Claim policy along with defining the user population to which the Claim policy applies.  

The Claim policy can be enabled or disabled by clicking the Enabled checkbox. The Affected Users fields determine which users match the Claim Policy.

Table 68. Claim Policy - General Tab

| Field Name | Description |
|---|---|
| Description | A description to help identify this policy. |
| Enabled | Enables or disables the claim policy. Enabled Claim policies contain a checkmark to the right of the Claim policy name. A disabled Claim policy only contains the Claim policy name. |
| Search Base DN | An optional field to restrict the scope of users that are affected by this challenge policy. If left blank it defaults to the User Base DN. |
| Message to Show on Complete | This field can be used to tell users what they should do next. For example, a message could appear directing users to check their email for more information. Administrators can click the arrow to the right of the text box to open a rich text editor to customize the message. |
| User Matching Filter | An LDAP filter to use to restrict the scope of this challenge policy even further. It can be used in conjunction with the search base DN or used separately. |



The Questions tab allows administrators to populate a required list of attributes the user must know about their account in order to claim it. 

Table 69. Claim Policy - Questions

| Column Name | Description |
|---|---|
| GAL Item | The item from the global attribute list that must match the user's answer. |
| Display Name | This Display Name is the label for the attribute that appears to users during the Claim account process. |
| Description | The Description is a friendly name or other necessary information to help the user understand the information that is necessary to answer the question. |
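
The following sketch is an added example, not RapidIdentity code, showing how the settings described above could combine: a policy is chosen by Search Base DN and User Matching Filter, then every question attribute must match the directory entry. The class and function names, the sample DNs and attribute values, first-match priority ordering, the single `(attr=value)` filter form, and case-insensitive answer comparison are all assumptions made for illustration.

```python
import hmac
import re
from dataclasses import dataclass

USER_BASE_DN = "ou=people,dc=example"  # constructed sample value

@dataclass
class ClaimPolicy:  # hypothetical model of the General and Questions tabs
    name: str
    questions: list                 # directory attributes the user must know
    search_base_dn: str = ""        # blank falls back to the User Base DN
    user_matching_filter: str = ""  # only a single "(attr=value)" is modelled
    enabled: bool = True

def _norm(dn):  # naive DN normalisation: escaped commas are not handled
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_scope(policy, entry):
    base, dn = _norm(policy.search_base_dn or USER_BASE_DN), _norm(entry["dn"])
    if dn != base and not dn.endswith("," + base):
        return False
    if not policy.user_matching_filter:
        return True
    m = re.fullmatch(r"\(([\w-]+)=([^()*\\]+)\)", policy.user_matching_filter)
    if m is None:
        raise ValueError("filter form not modelled in this sketch")
    attr, value = m.groups()
    return value.lower() in (v.lower() for v in entry.get(attr, []))

def select_policy(policies, entry):  # assumption: first enabled match wins
    return next((p for p in policies if p.enabled and in_scope(p, entry)), None)

def verify_claim(policies, entry, answers):
    policy = select_policy(policies, entry)
    if policy is None or not policy.questions:
        return False  # fail closed: no policy or no questions means no claim
    ok = True
    for attr in policy.questions:  # check every answer, no early exit
        given = answers.get(attr, "").strip().lower().encode()
        hits = [hmac.compare_digest(s.strip().lower().encode(), given)
                for s in entry.get(attr, [])]
        ok &= any(hits) and bool(given)  # an empty answer never matches
    return ok

POLICIES = [  # constructed sample data: privileged policy first, catch-all second
    ClaimPolicy("privileged", ["employeeNumber", "claimCode"],
                "ou=staff,ou=people,dc=example", "(employeeType=admin)"),
    ClaimPolicy("default", ["birthdate"])]
ADMIN = {"dn": "uid=kim,ou=staff,ou=people,dc=example", "employeeType": ["admin"],
         "employeeNumber": ["10442"], "claimCode": ["Q7X-2LM"], "birthdate": ["1980-02-14"]}
```

In this model, disabling the stricter policy or moving it below the catch-all lets the same privileged entry be claimed with the birthdate alone, which is why policy order and the Enabled flag deserve review alongside the question list.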



User Agreement

Administrators can define a user agreement to which users must agree as a condition to claim their account. 

Depending on the intended configuration, the agreement can be presented as a note or can require a user to check a box to affirm agreement with the text.

Table 70. Claim Policy - User Agreement

| Field Name | Description |
|---|---|
| Enabled | If checked, the user agreement will be used for this claim policy and must have a valid value for the message. |
| Title | Optional. The text that appears above the agreement Body. The title should describe the Body text that follows. |
| Body | Optional. The text of the agreement. This text could describe legal or compliance requirements along with any other information necessary for the user to understand in order to claim their account. |
| Agreement Message | Required. This is the message that appears under the agreement text. This field is the minimum value required for a user agreement. For example, “By checking the box I agree to the text above…” |
| Agreement Required | If selected, the Agreement Message is preceded by a checkbox that a user must check before they are allowed to claim their account. |