Policy for user - Help

Hi All,

Seeking your help on the issue below.

I have 1 policy with authentication, which is working fine. Now I want to create another policy for users, where when users register after logging in to PI using AD authentication, they should only see TOTP and get the registration done.

I am enabling only the options below in the second policy:
{ "assign": true, "auditlog": true, "delete": true, "enable": true, "enrollTOTP": true, "reset": true, "re…

After this, when trying to log in, I am getting the error "wrong otp value" in the audit under PI.

I have only one realm, which is being used with these policies.

When I remove the second policy (the user one), all is working fine.

Note - I am using otppin as userstore, where AD user + OTP is being used.

This works perfectly with a single policy (authentication), but when creating a second one for users, it stopped working.
Am I doing anything wrong?


Dear All,

Can anyone please help with the above request?


I do not understand you!

You can export your policies using the command line tool

pi-manage policy p_export

This might help to explain what you have configured.