Access Rules

Access Rules (Device Access Policies) allow the administrator to finely control the conditions under which users can authenticate: browser type, operating system, security level of the VaultysID identity, allowed IP addresses, etc.

Three policy scopes are available:

  • Global — applies to all organization users.
  • Admin — applies only to administrators.
  • Group — applies to a defined set of users and/or folders.

Overview

Open the access rules from the Access Policy > Policies menu.

Global Policy

Upon first access, no policy is configured yet. Click on the Create a Global Policy button to initialize the default policy applicable to all users.

Click on "Create a Global Policy" to initialize the default policy for your organization

Configure a Policy

Once created, the policy is displayed in the editor. Each side tab corresponds to a control dimension. The color badges indicate the configuration status of each section.

Action on Violation

Define what should happen when a rule is not followed.

Define the behavior when a rule is not followed: Allow, Warn, Request approval, or Block

| Value | Behavior |
|---|---|
| Allow | Ignores the rules — no blocking |
| Warn | Allows access but informs the user |
| Admin Approval | Access is suspended until an administrator approves |
| Block | Access denied |

Browsers Tab

The Browsers tab lets you restrict or allow specific browsers.

Allow or restrict access based on the browser used (Chrome, Firefox, Edge, Safari, Brave, Opera...). The All and None options apply a global rule.

Operating Systems Tab

The Operating Systems tab lets you limit access based on the system used (Windows, macOS, Linux, iOS, Android...).

Limit access to desired operating systems: Windows, macOS, Linux, iOS, Android, or Chrome OS.

Browser Security Tab

The Browser Security tab controls browser extensions and required security settings

Define requirements related to browser security (extensions, enabled settings).

VaultysID Security Tab

The VaultysID Security tab lets you require a minimum security level: software, passkey, or hardware key.

Require a minimum security level for the VaultysID identity:

  • Software — key stored in software memory
  • Passkey — passkey authentication
  • Hardware — physical security key (FIDO2 / CTAP2)

IP Addresses Tab

The IP Addresses tab lets you restrict access to certain IP addresses or CIDR ranges.

Enter an IP address or CIDR range (e.g., 192.168.1.0/24) and press Enter to add it

Enter the allowed IP addresses or CIDR ranges (e.g., 192.168.1.0/24). Only connections from these networks will be accepted.
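
A pre-flight check for entries destined for the IP Addresses tab, as an added example that is not part of the VaultysID product or its documentation. It uses Python's standard ipaddress module to flag malformed entries, CIDR values with host bits set, overly broad ranges, and an allowlist that does not cover the administrator's own address; the function name, breadth thresholds and sample values are assumptions.

```python
import ipaddress

# Constructed sample entries, as an administrator might plan to type them.
SAMPLE_ENTRIES = ["192.168.1.0/24", "203.0.113.7", "10.0.0.5/8",
                  "0.0.0.0/0", "office-lan"]


def review_allowlist(entries, admin_ip):
    """Return (networks, findings) for a planned IP allowlist (hypothetical helper)."""
    networks, findings = [], []
    for raw in entries:
        entry = raw.strip()
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            try:
                # Host bits set (e.g. 10.0.0.5/8): report the range really covered.
                net = ipaddress.ip_network(entry, strict=False)
                findings.append(f"{entry}: host bits set, covers {net}")
            except ValueError:
                findings.append(f"{entry}: not an IP address or CIDR range")
                continue
        # Assumed breadth thresholds: shorter than /16 (IPv4) or /32 (IPv6).
        if net.prefixlen == 0:
            findings.append(f"{entry}: matches every address")
        elif net.prefixlen < (16 if net.version == 4 else 32):
            findings.append(f"{entry}: broad range, {net.num_addresses} addresses")
        networks.append(net)
    # An allowlist that omits the administrator's own address risks a lockout.
    addr = ipaddress.ip_address(admin_ip)
    if not any(addr.version == n.version and addr in n for n in networks):
        findings.append(f"{admin_ip}: administrator address not covered")
    return networks, findings


if __name__ == "__main__":
    for finding in review_allowlist(SAMPLE_ENTRIES, "198.51.100.20")[1]:
        print(finding)
```

An empty findings list means every entry parsed as written and the administrator's address falls inside at least one allowed network.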

Create Other Policies

To create an Admin or Group policy, use the Add a Policy button in the toolbar.

Use the "Add a Policy" button to create an Admin or Group policy

A panel opens to choose the scope.

Choose the scope: Admin (administrators only) or Group (a group of members or folders)

Admin Policy

The Admin Policy applies only to administrators of the organization

Info: There can only be one Admin policy. The creation button will be disabled if it already exists.

The Admin Policy applies only to administrators. To delete it, use the Delete Policy button in the toolbar.

Use this button to delete the Admin Policy

Group Policies

Group policies allow targeting a specific subset of users or folders with customized rules.

Select a group from the left column to access its editor.

Members & Folders

The Members & Folders tab lets you associate this policy with specific users or entire folders.

Associate the policy with individual users or entire folders. All members of the folder will be automatically covered.

The group policy editor offers the same configuration tabs as the global policy, in addition to the Members & Folders tab

Info: Group policy rules take precedence over the global policy for the users concerned.