This article will guide administrators on how to create behavior-based, user sign-in policies using Timus ZTNA.

Timus ZTNA offers a unique and improved access control method that allows businesses to expand without compromising the fundamental security of their network, which includes infrastructure, applications, data, users, and devices.

• In the "User Sign-in Policies" page, you can see the following information from left to right: Name, Description, and Status of both default and custom policies.

• You can use the search filter in the upper left corner to find and adjust policies quickly.

The policies within Timus' Zero Trust Network Access (ZTNA) security framework are organized and prioritized by its place in the policy table. A policy, which is placed higher in the table, is more prioritized than the other User Sign-In policies.

It means that you are able to prioritize the Timus ZTNA rules by yourself.

• To create a custom policy for a user, click the "Create User Sign-in Policy" button on the right side of the page.

• The total number of policies defined in your network will be displayed just below.

• To manage a policy, click the ellipsis icon located at the end of its general details.

• From here, you can edit the policy or create a new one using the Copy feature.

• Additionally, you have the option to Activate/Deactivate or Delete the policy.

You can Deactivate the default user sign-in policy.

To create a new User Sign-In/Login Policy, follow these steps:

• Go to the Timus Manager> Zero Trust Security> User Sign-In Policies page.

• Click the "Create User Sign-In Policy" button on the right side of the page.

A pop-up window will appear with the following tabs:

• Source,

• Condition,

• Action,

• Alerts & Notifications.

On the Source tab:

• Enter a Name and Description for the policy you are creating. For example, "Default User Sign-In Policy" or "Default User Sign-In Policy for High-Risk Attempts."

• Click "Select" and choose the Source as User/Team or IP.

If IP is selected as Source, a Public IP address must be entered.

• Enter a Description based on the Source type you selected.

• If necessary, you can select multiple sources to apply to the policy.

On the Condition tab,

• Choose the Authentication method that you prefer to verify the source of your policy, whether it's Any, Connect App, or User Portal.

• Set the risk level to Any, High, Medium, or Low.

• Select the Behavior on which this policy will be applied.

• Click on + Add Behavior. You can select multiple behaviors to trigger the policy.

• Schedule the policy.

When "All Selected Behaviors" is chosen, all selected behaviors such as Untrusted IPs, New Device, and Breached E-mail Address must be active simultaneously for the policy to take action.

When "Any Selected Behavior" is chosen, at least one of the selected behaviors must be triggered by the policy to take the action.

You can consider All Selected Behaviors like "AND &&" and Any Selected Behaviors like "OR ||" as in coding language.

Experience the user-friendly interface of Timus by hovering over the info icons on the policy creation screen:

When you add a behavior to the policy with the add behavior button on the screen and hover over that behavior, you can view the brief explanation about the behavior you added:

On the "Action" tab,

• You can determine how the system should respond when a certain behavior triggers a policy.

• The system offers various actions, including Allow, Deny, Ban, MFA-Email, MFA Authenticator App, Deny and Block IP, and Ban and Block IP.

• You can select multiple actions for multi-factor authentication which are numbered on the left side of the tab: If you select MFA-Authenticator App and MFA-Email actions, you will have the option to add more actions for login attempts.

• This means that if the first authentication step fails, you can enable another action and send two-factor authentication setup introductions to users.

• Select an action from the drop-down list.

To set Alerts and Notifications for your policy,

1. Go to the tab on the policy screen,

2. Enter a title for the alert and select the severity (High, Medium, or Low).

3. To activate the alert, make sure the Status is switched to ON.

4. Specify which Result Conditions will trigger the alert, such as Successful, Failed, or Timeout.

1. To create a notification, click on "Notifications" and enter a Title.

2. Select the severity (High, Medium, or Low) and turn the Status ON to enable the notification.

3. Specify the Result Conditions that will trigger the notification (Successful, Failed, or Timeout).

4. If necessary, you can check the box labeled "Notify Users Matching Conditions" to notify policy-bound users.

5. Additionally, you can specify recipients for the notification by choosing between administrators or external users. It is possible to assign multiple recipients to the policy.

6. If you select administrators, all admins in the system will be listed, and you can choose "All Administrators."

7. If you select External user, enter their Name and Email Address.

8. To delete a recipient, simply click x at the end of the line.

9. Once all the required information is entered, click "Confirm" to create your user sign-in policy with Timus ZTNA.

• To edit the default policy on the page, click on the ellipsis icon located on the policy row and select "Edit" from the mini drop-down list.

• Once you have made the necessary changes to the policy configuration and click Confirm, you can reapply it to Timus ZTNA with your updated settings.

• You also have the option to create a similar policy with minor adjustments using the Copy feature in the list.