Choosing the logon policy

This topic helps you to choose the most appropriate logon policy for your implementation. For instructions on setting the logon policy for a web application, see Setting the Logon policy.

Your implementation MUST include a Framework that has the Logon policy set to Explicit only, because whenever you upgrade the database you must be using a Framework with this logon policy. However, we do not recommend using Explicit only for users in the live system, so also create an additional Framework for the web applications to use that has one of the recommended logon policies described below.

 

Are you using...

Recommendation

1

Workspaces

No – use Integrated only, unless you are also using Ivanti Endpoint Manager, in which case, go to 3.
Yes – go to 2.

2

Shibboleth on your estate

No – go to 3.
Yes – use Shibboleth only.

3

Xtraction

No – use Token only.
Yes – use Identity Server.

Notes on the above:

Integrated only – this is a legacy logon policy for organizations that use only Web Access and Console. It is easy to set up and enables users to log on without re-entering their credentials

Shibboleth only – available for all client types and enables users to log on using their network credentials. This is appropriate if your organization already uses Shibboleth.

Token only – available for all client types, including mobile apps, and enables users to log on using their network credentials.

Identity Server – available for all client types, including mobile apps, and enables users to log on using their network credentials. You must use this logon policy if you are using Ivanti Xtraction. However, users must be on the network and the web address for the application must use the Fully Qualified Domain Name.