Conditions are used in the different types of Policies and roles to determine if the policy or role is applicable to the situation in which the authentication / authorization check happens. The conditions describe the criteria that should match for the policy to be applicable.
Conditions can contain multiple criteria and also include existing (nested) criteria.
The conditions can be checked with the following operators among the added criteria:
AND, means that all added criteria (and nested criteria) need to apply for the condition to be applicable
OR, means that at least 1 of the added criteria (and nested criteria) need to apply for the condition to be applicable
Each condition consists of 3 parts:
An attribute, for which the value is checked against the rest of the condition
An operator, that describes what kind of check should be done. The operator depends on the type of attribute. For instance, a text attribute could have operators like equals, does not equal, contains and does not contain; and a date or time attribute could have operators like equal, before or after.
A value, against which the actual attribute value is checked.
See the examples below for how to configure specific situations.
How to configure: A condition that checks for a specific application
To configure a condition that checks for a specific application:
Navigate to the Advanced section
Go to Conditions
Click ‘Create Condition’
Add a Condition Name (eg containing the application name)
Go to the Criteria section
Create a criteria for your application
Select the ‘Application Name’ parameter
Leave the operator or ‘Equal’
Add your application name as configured in Veriam (in Configuration - Applications tab)
In case you want to filter on multiple applications:
Change the criteria operator to ‘OR’
Click ‘Add Criiteria’
Create the criteria for your application (see step 6)
Save the condition
The condition is now created and can be added to a Policy.
How to configure: A condition that checks for office hours
To configure a condition that checks for office hours (not that this scenario is for example purposes, it is advised to only create conditions that make sense for your situation):
Navigate to the Configuration section
Go to Conditions tab
Click ‘Create Condition’
Add a Condition Name (eg “Within office hours”)
Add an optional description
Go to the Criteria section
Create a criteria to check if the time is before office hours
Select the ‘System Time’ parameter
Change the operator or ‘After’
Select the start of your office hours (eg “09:00”)
Leave the filter operator set to ‘AND’
Create a criteria to check if the time is after office hours
Click ‘Add Filter Condition’
Select the ‘System Time’ parameter
Change the operator or ‘Before’
Select the end of your office hours (eg “17:00”)
Save the condition
The condition is now created and can be added to a Policy.
Note: depending on if you want to allow access within office hours (this condition would need to be added to all policies that provide access), or deny access outside of office hours (this condition could be added to a separate policy that denies access), the condition would be configured differently.
