The default policy is a global policy that is applied to any application in your organization where no application-specific policy is defined. The default policy rules are applied when a user attempts to access the protected application through web access or sign on.
By default, the default policy includes a single default action Authenticate that is applied to a user access request. You can edit the default policy to modify the default action or to include additional rules.
Note:
An application- or group-specific policy always overrides the default policy configuration. To configure an application- or group-specific policy, see Configuring an app or group-specific authentication policy.