Configuring policies
Policies are used to authorize users. A policy can contain all the conditions the user or situation needs to adhere to (by using Conditions) and determines the result of the check.
A Policy can have the following outcomes that will be used in the authorization check (together with all the other policies a user might have):
Allow; this means this policy will allow access in the specified situation (as defined in the conditions)
Deny; this means this policy will deny access in the specified situation (as defined in the conditions)
Audit; this means the policy will explicitly be added to the audit log at Info, Warning or Error level. This outcome will not contribute to the authorization decision.
Inconclusive; this means the policy does not contribute to the authorization decision. This outcome will mainly be used when grouping policies that are often used together.
For policies with a Deny outcome, you can specify a custom deny message that will be displayed to the user when this policy applies and the user tries to log in to your application(s).
A policy can contain child policies. Child policies are evaluated (as separate policies) whenever the ‘parent’ policy applies, regardless of the decision outcome.
A policy can contain multiple conditions, to indicate if the policy is applicable. See the Conditions section for more information about conditions.
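The evaluation rules described above, modelled as an added Python example that is not the product's own code or configuration format. The page does not say how conditions are combined or how Allow and Deny outcomes from several policies are merged, so this sketch assumes that all conditions must hold, that Deny overrides Allow, and that no Allow means Deny; all policy, group and field names are constructed.

```python
from dataclasses import dataclass, field
from typing import Callable, List

# Outcome names come from the page; the rest is a modelling assumption.
ALLOW, DENY, AUDIT, INCONCLUSIVE = "Allow", "Deny", "Audit", "Inconclusive"

@dataclass
class Policy:
    name: str
    outcome: str
    conditions: List[Callable[[dict], bool]] = field(default_factory=list)
    children: List["Policy"] = field(default_factory=list)
    deny_message: str = ""      # only meaningful for Deny
    audit_level: str = "Info"   # only meaningful for Audit

    def applies(self, ctx: dict) -> bool:
        # Assumption: a policy applies when all of its conditions hold.
        return all(cond(ctx) for cond in self.conditions)

def collect(policy, ctx, votes, audit):
    """Walk a policy tree, recording contributing outcomes and audit entries."""
    if not policy.applies(ctx):
        return  # children are only evaluated when the parent applies
    if policy.outcome in (ALLOW, DENY):
        votes.append(policy)
    elif policy.outcome == AUDIT:
        audit.append((policy.audit_level, policy.name))
    # Inconclusive adds nothing itself; children run whatever the outcome.
    for child in policy.children:
        collect(child, ctx, votes, audit)

def authorize(policies, ctx):
    """Return (decision, deny_message, audit_entries) for a request context."""
    votes, audit = [], []
    for p in policies:
        collect(p, ctx, votes, audit)
    denies = [p for p in votes if p.outcome == DENY]
    if denies:                      # assumption: Deny overrides Allow
        return DENY, denies[0].deny_message, audit
    if any(p.outcome == ALLOW for p in votes):
        return ALLOW, "", audit
    return DENY, "", audit          # assumption: default deny

# Constructed sample: an Inconclusive group with Allow, Deny and Audit children.
OFFICE_GROUP = Policy("office-users", INCONCLUSIVE,
    [lambda c: c["group"] == "office"],
    [Policy("allow-office", ALLOW),
     Policy("block-untrusted-network", DENY, [lambda c: not c["trusted_network"]],
            deny_message="Connect from a trusted network to log in."),
     Policy("log-office-login", AUDIT, audit_level="Warning")])
```

Because the Audit child is recorded even when the request is denied, the audit log in this model shows both successful and blocked logins for the group.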
Below you will find a couple of examples of how to configure a policy. Note that by applying conditions and changing the Decision, you can create any kind of (restrictive) policy you require.