Policies

Policies control user access to the web console. This is done by matching the Roles in the policy with roles in the user. If a policy matches one of the users roles that policy will apply to the user. Policies should be configured carefully as it can block access to the web console. If policies are preventing access to the web console the command sudo pritunl-cloud disable-policies will disable all policies.

WebAuthn

WebAuthn will provide the best secondary authentication and this is the recommended secondary factor to use. First configure the WebAuthn Domain in the node settings to the highest level domain for the configuration. The WebAuthn domain can't be changed without invalidating all the existing devices. If a domain such as admin.cloud.pritunl.com and user.cloud.pritunl.com is used the WebAuthn domain should be cloud.pritunl.com