Conditions are used in the different types of Policies and roles to determine if the policy or role is applicable to the situation in which the authentication / authorization check happens. The conditions describe the criteria that should match for the policy to be applicable.
Conditions can contain multiple criteria and also include existing (nested) conditions.
The criteria will be checked with the following operators among the added criteria:
AND, means that all added criteria (and nested conditions) need to apply for the condition to be applicable
OR, means that at least 1 of the added criteria (and nested conditions) need to apply for the condition to be applicable
Each criteria consists of 3 parts:
An attribute, for which the value is checked against the rest of the criteria
An operator, that describes what kind of check should be done. The operator depends on the type of attribute. For instance, a text attribute could have operators like equals, does not equal, contains and does not contain; and a date or time attribute could have operators like equal, before or after.
A value, against which the actual attribute value is checked.
See the examples below for how to configure specific situations.
How to configure: A condition that checks for a specific application
To configure a condition that checks for a specific application:
Navigate to the Advanced section
Go to Conditions
Click ‘Create Condition’
Add a Condition Name (eg containing the application name)
Go to the Criteria section
Create a criteria for your application
Select the ‘Application Name’ parameter
Leave the operator or ‘Equal’
Add your application name as configured in Veriam (in Applications)
In case you want to filter on multiple applications:
Change the condition operator to ‘OR’
Click ‘Add Criteria’
Create the criteria for your application (see step 6)
Save the condition
The condition is now created and can be added to a Policy.
How to configure: A condition that checks for office hours
To configure a condition that checks for office hours (note that this scenario is for example purposes, it is advised to only create criteria that make sense for your situation):
Navigate to the Advanced section
Go to Conditions
Click ‘Create Condition’
Add a Condition Name (eg “Within office hours”)
Add an optional description
Go to the Criteria section
Create a criteria to check if the time is before office hours
Select the ‘System Time’ parameter
Change the operator or ‘After’
Select the start of your office hours (eg “09:00”)
Leave the condition operator set to ‘AND’
Create a criteria to check if the time is after office hours
Click ‘Add Criteria’
Select the ‘System Time’ parameter
Change the operator or ‘Before’
Select the end of your office hours (eg “17:00”)
Save the condition
The condition is now created and can be added to a Policy.
Note: depending on if you want to allow access within office hours (this condition would need to be added to all policies that provide access), or deny access outside of office hours (this condition could be added to a separate policy that denies access), the condition would be configured differently.
