Skip to main content

Set up a security policy - email and password users

Set up security policies in Access Identity to control how users access PeopleXD using email and password authentication.

I
Written by Isabelle Grey
Updated this week

Security policies in Access Identity let you control how users access your PeopleXD system using email and password authentication. You can configure session timeouts, authentication requirements, and password rules that apply to all users from your verified email domain.

Before you set up a security policy, you need to:

  • Have an Access Identity account with appropriate administrator rights.

  • Register at least two administrators as domain owners to ensure continuous access to authentication controls.

  • Have access to your organisation's DNS management system to verify domain ownership.

Create your Access Identity account

Your Access Identity account gives you access to the administration panel where you manage domain verification and security policies. This is separate from your regular PeopleXD access.

⚠️ Important: At least two administrators from your organisation need to complete this process. If you only have one administrator and they leave the organisation or loses account access, you won't be able to manage authentication settings or security policies.

  1. Open the Access Identity link relevant to your hosting location:

  2. Click Create a new account, then enter your work email address.

  3. Complete the reCAPTCHA verification, then click Sign up.

  4. Open the verification email, then click the link to verify your email address.

  5. Create a password for your account, and complete your login.

Set up and verify your domain

Domain verification ensures that only your organisation can create security policies for your email domain.

Add your domain

  1. Sign into your Access Identity account:

  2. From the menu, click Domains.

  3. Click Add Domain.

  4. Enter your organisation's domain name, for example, yourcompany.com.

  5. Click Save.

Add domain owners

We recommend you add at least two domain owners per domain to avoid any risk of losing access to your configuration. This gives them full access to manage a domain.

  1. From the menu, click Domains.

  2. Click the relevant domain Name.

  3. In the Owners field, fill in the relevant email addresses.

  4. Click Save Changes.

Verify your domain

You need to add a DNS record to your domain hosting provider or DNS management system to prove that you own the domain. Your domain's DNS management system is typically managed by your IT department's DNS management portal, your domain registrar, or your hosting provider.

  1. From the menu, click Domains.

  2. Copy the Verification Code.

  3. Open your DNS management system, and fill in the TXT record information:

    • Host: @

    • Type: TXT

    • Value: The verification code you copied from Access Identity.

  4. Return to the Domains screen in Access Identity.

  5. Click Verify Domain.

πŸ“Œ Note: DNS changes can take up to 24 hours to propagate, though they often complete within an hour. You may need to wait before verification succeeds.

Create a security policy

Once your domain is verified, you can create a security policy and apply it to the domain. This applies the policy to all users with email addresses from that domain.

  1. Sign into your Access Identity account:

  2. From the menu, click Security Policies.

  3. Click Add Security Policy.

  4. Enter a name for your policy, and enter the owners email addresses.

  5. Select your verified domain.

  6. Configure your settings using the details in the table.

  7. Click Save Changes.

Section

Settings

General

  • Show Administration Features

Session

  • Users must sign in every

  • Access tokens expire after

  • Automatically extend the session if the user is active.

Authentication

  • Failed sign in attempts before temporary lockout

  • Lockout duration

  • "Stay signed in" option allowed

  • Require CAPTCHA verification at sign in

  • Allow impersonation

  • Impersonation white-list

  • Allow social sign in

  • Allow users to reveal their password when entering it.

Password

  • Validation Method

  • Require a strong password

  • Minimum length

  • Use blacklist of known passwords

  • Enable password checkup

  • "Remind me later" option allowed

  • "Don't ask me again" option allowed

  • Passwords expire after.

Add a security policy to a domain

  1. From the menu, click Domains.

  2. In the Verified Domains section, click the relevant Name.

  3. Select a Security Policy from the list.

  4. If required, select the Enable federation checkbox.

  5. Click Save Changes.

Enable your domain

Once you're ready you can enable your domain, this applies the configuration to all impacted users.

  1. From the menu, click Domains.

  2. In the Verified Domains section, click the relevant Name.

  3. Select the Enable checkbox.

  4. Click Save Changes.

Test the security policy

Before rolling out to your users, you can test that your policy works as expected. This allows you to identify and fix any issues before they affect your whole organisation.

  1. Open the Access Identity link relevant to your hosting location:

  2. Enter your log in details.

  3. Confirm that the system prompts you for the security requirements you configured, including password requirements and authentication steps.

  4. Complete the authentication process to ensure you can successfully login.

Related Articles
Authentication overview
Configure manual authentication
Set up a security policy - SSO via OIDC users
Set up username accounts
Moving to Access Identity authentication
Did this answer your question?