Configuring policies

PreviousPolicy based access NextAttribute based access

Last updated 12 days ago

Was this helpful?

Configuring policies

Policies are used to authorize users, they can contain all the conditions the user or situation needs to adhere to (by using Filters) and determine the result of the check.

A Policy can have the following outcomes that will be used in the authorization check (together with all the other policies a user might have):

Allow; this means this policy will allow access in the specified situation (as defined in the filters)
Deny; this means this policy will deny access in the specified situation (as defined in the filters)
Audit; this means the policy will explicitly be added to the audit log on either Info, Warning or Error level. This outcome will not contribute to the authorization decision.
Inconclusive; this means the policy does not contribute to the authorization decision. This outcome will mainly be used when grouping policies that are often used together.

For policies with a Deny outcome, you can specify a custom deny message that will be displayed to the user when this policy applies and the user tries to login to your application(s).

A policy can contain child policies, which means that the policies added as child policies will be evaluated (as separate policies), whenever the ‘parent’ policy applies (regardless of the decision outcome).

A policy can contain multiple filters, to indicate if the policy is applicable. See the Filters section for more information about filters.

Below you will find a couple of examples on how to configure a policy. Note that by applying filters and changing the Decision, you can create any kind of (restrictive) policy you require.

How to configure: A policy that allows access to everything

To configure a policy that allows access to everything for users who will have the policy:

Open the
Navigate to the Access control - Policy based section
Click ‘Create Policy’ → ‘Create New Policy’
Add a Policy Name (eg “Allow Policy”)
Select Decision ‘Allow’
Save the policy

The policy is now created and can be used to assign to (customer) Accounts, or add to Subscription Plans.

How to configure: A policy that allows access to a specific application

To configure a policy that allows access to a specific application for users who will have the policy:

Navigate to the Configuration - Filters section
Go to the Filters tab
Configure a filter for your application, see: #how-to-configure-a-filter-that-checks-for-a-specific-application
Go to Access control - Policy based tab
Click ‘Create Policy’ → ‘Create New Policy’
Add a Policy Name (eg with the application name)
Select Decision ‘Allow’
Go to Filters tab
Add the (previously created) filter that checks for your application.
Save the policy

The policy is now created and can be used to assign to (customer) Accounts, or add to an Access License.

PreviousPolicy based access NextAttribute based access

Last updated 12 days ago

Was this helpful?

Policies are used to authorize users, they can contain all the conditions the user or situation needs to adhere to (by using Filters) and determine the result of the check.

A Policy can have the following outcomes that will be used in the authorization check (together with all the other policies a user might have):

Allow; this means this policy will allow access in the specified situation (as defined in the filters)
Deny; this means this policy will deny access in the specified situation (as defined in the filters)
Audit; this means the policy will explicitly be added to the audit log on either Info, Warning or Error level. This outcome will not contribute to the authorization decision.
Inconclusive; this means the policy does not contribute to the authorization decision. This outcome will mainly be used when grouping policies that are often used together.

For policies with a Deny outcome, you can specify a custom deny message that will be displayed to the user when this policy applies and the user tries to login to your application(s).

A policy can contain multiple filters, to indicate if the policy is applicable. See the Filters section for more information about filters.

Below you will find a couple of examples on how to configure a policy. Note that by applying filters and changing the Decision, you can create any kind of (restrictive) policy you require.

How to configure: A policy that allows access to everything

To configure a policy that allows access to everything for users who will have the policy:

Open the
Navigate to the Access control - Policy based section
Click ‘Create Policy’ → ‘Create New Policy’
Add a Policy Name (eg “Allow Policy”)
Select Decision ‘Allow’
Save the policy

The policy is now created and can be used to assign to (customer) Accounts, or add to Subscription Plans.

How to configure: A policy that allows access to a specific application

To configure a policy that allows access to a specific application for users who will have the policy:

Navigate to the Configuration - Filters section
Go to the Filters tab
Configure a filter for your application, see: #how-to-configure-a-filter-that-checks-for-a-specific-application
Go to Access control - Policy based tab
Click ‘Create Policy’ → ‘Create New Policy’
Add a Policy Name (eg with the application name)
Select Decision ‘Allow’
Go to Filters tab
Add the (previously created) filter that checks for your application.
Save the policy

The policy is now created and can be used to assign to (customer) Accounts, or add to an Access License.