Conditional Access: Network Trust

In this simulation, you'll experience what it's like to create an IP list, along with a conditional access policy that relaxes MFA requirements for users authenticating to the User Portal from specified IP addresses. Conditional Access Policies are customizable to fit your preferred network trust requirements.

How it Works

  1. Navigate to Conditional Lists and click the green plus button.
  2. Enter a list name and description, if desired.
  3. Enter IP Addresses using individual addresses or ranges using CIDR notation.
  4. Click “save” to create the new Office Networks IP List.
  5. Navigate to Conditional Policies in the left navigation.
  6. Click the green plus button to create a new policy.
  7. Enter a policy name and description, if desired.
  8. In the Assignments section, click “All Users”.
  9. In the Conditions section, click the “add condition” button.
  10. Click “IP Address”.
  11. Click the “IP Lists” dropdown.
  12. Click the “Office Networks” IP List we created.
  13. In the Actions section, click “Allow authentication”. Since we are relaxing MFA in this policy, leave “Require MFA” unchecked. Note: To require MFA for users who are NOT on specified networks, confirm your Global Policy by clicking the gear in the Conditional Policies list view.
  14. Click “create policy” to save.
  15. Congrats! All users have relaxed MFA when logging into the User Portal from an Office Network.