Filters are used in the different types of Policies and roles to determine if the policy or role is applicable to the situation in which the authentication / authorization check happens. The filters describe the conditions that should match for the policy to be applicable.
Filters can contain multiple filter conditions and also include existing (nested) filters.
The filter conditions be checked with the following operators among the added filter conditions:
AND, means that all added filter conditions (and nested filters) need to apply for the filter to be applicable
OR, means that at least 1 of the added filter conditions (and nested filters) need to apply for the filter to be applicable
Each filter conditions consists of 3 parts:
An attribute, for which the value is checked against the rest of the condition
An operator, that describes what kind of check should be done. The operator depends on the type of attribute. For instance, a text attribute could have operators like equals, does not equal, contains and does not contain; and a date or time attribute could have operators like equal, before or after.
A value, against which the actual attribute value is checked.
See the examples below for how to configure specific situations.
How to configure: A filter that checks for a specific application
To configure a filter that checks for a specific application:
Navigate to the Configuration section
Go to Filters tab
Click ‘Create Filter’
Add a Filter Name (eg containing the application name)
Add an optional description
Go to the Filter Conditions tab
Create a filter conditions for your application
Select the ‘Application Name’ parameter
Leave the operator or ‘Equal’
Add your application name as configured in Veriam (in Configuration - Applications tab)
In case you want to filter on multiple applications:
Change the filter operator to ‘OR’
Click ‘Add Filter Condition’
create the filter condition for your application (see step 6)
Save the filter
The filter is now created and can be added to a Policy.
How to configure: A filter that checks for office hours
To configure a filter that checks for office hours (not that this scenario is for example purposes, it is advised to only create filters that make sense for your situation):
Navigate to the Configuration section
Go to Filters tab
Click ‘Create Filter’
Add a Filter Name (eg “Within office hours”)
Add an optional description
Go to the Filter Conditions tab
Create a filter to check if the time is before office hours
Select the ‘System Time’ parameter
Change the operator or ‘After’
Select the start of your office hours (eg “09:00”)
Leave the filter operator set to ‘AND’
Create a filter to check if the time is after office hours
Click ‘Add Filter Condition’
Select the ‘System Time’ parameter
Change the operator or ‘Before’
Select the end of your office hours (eg “17:00”)
Save the filter
The filter is now created and can be added to a Policy.
Note: depending on if you want to allow access within office hours (this filter would need to be added to all policies that provide access), or deny access outside of office hours (this filter could be added to a separate policy that denies access), the filter would be configured differently.
