SupportFeedbackLogin

Conditions

Conditions are used in the different types of Policies and roles to determine if the policy or role is applicable to the situation in which the authentication / authorization check happens. The conditions describe the criteria that should match for the policy to be applicable.

Conditions can contain multiple criteria and also include existing (nested) conditions.

The criteria will be checked with the following operators among the added criteria:

  • AND, means that all added criteria (and nested conditions) need to apply for the condition to be applicable

  • OR, means that at least 1 of the added criteria (and nested conditions) need to apply for the condition to be applicable

Each criteria consists of 3 parts:

  • An attribute, for which the value is checked against the rest of the criteria

  • An operator, that describes what kind of check should be done. The operator depends on the type of attribute. For instance, a text attribute could have operators like equals, does not equal, contains and does not contain; and a date or time attribute could have operators like equal, before or after.

  • A value, against which the actual attribute value is checked.

See the examples below for how to configure specific situations.

How to configure: A condition that checks for a specific application

To configure a condition that checks for a specific application:

  1. Navigate to the Advanced section

  2. Go to Conditions

  3. Click ‘Create Condition’

  4. Add a Condition Name (eg containing the application name)

  5. Go to the Criteria section

  6. Create a criteria for your application

    1. Select the ‘Application Name’ parameter

    2. Leave the operator or ‘Equal’

    3. Add your application name as configured in Veriam (in Applications)

  7. In case you want to filter on multiple applications:

    1. Change the condition operator to ‘OR’

    2. Click ‘Add Criteria’

    3. Create the criteria for your application (see step 6)

  8. Save the condition

The condition is now created and can be added to a Policy.

How to configure: A condition that checks for office hours

To configure a condition that checks for office hours (note that this scenario is for example purposes, it is advised to only create criteria that make sense for your situation):

  1. Navigate to the Advanced section

  2. Go to Conditions

  3. Click ‘Create Condition’

  4. Add a Condition Name (eg “Within office hours”)

    1. Add an optional description

  5. Go to the Criteria section

  6. Create a criteria to check if the time is before office hours

    1. Select the ‘System Time’ parameter

    2. Change the operator or ‘After’

    3. Select the start of your office hours (eg “09:00”)

  7. Leave the condition operator set to ‘AND’

  8. Create a criteria to check if the time is after office hours

    1. Click ‘Add Criteria’

    2. Select the ‘System Time’ parameter

    3. Change the operator or ‘Before’

    4. Select the end of your office hours (eg “17:00”)

  9. Save the condition

The condition is now created and can be added to a Policy.

Note: depending on if you want to allow access within office hours (this condition would need to be added to all policies that provide access), or deny access outside of office hours (this condition could be added to a separate policy that denies access), the condition would be configured differently.

PreviousResource based accessNextProvide access to customers

Last updated

Was this helpful?