Configure the Identity Policy Default Action

The identity policy has a default action, which is implemented for any connections that do not match any individual identity rules.

In fact, having no rules is a valid configuration for your policy. If you intend to use passive authentication on all traffic sources, then simply configure Passive Authentication as your default action.