SupportFeedbackLogin

Configuring policies

Policies are used to authorize users, they can contain all the conditions the user or situation needs to adhere to (by using Filters) and determine the result of the check.

A Policy can have the following outcomes that will be used in the authorization check (together with all the other policies a user might have):

  • Allow; this means this policy will allow access in the specified situation (as defined in the filters)

  • Deny; this means this policy will deny access in the specified situation (as defined in the filters)

  • Audit; this means the policy will explicitly be added to the audit log on either Info, Warning or Error level. This outcome will not contribute to the authorization decision.

  • Inconclusive; this means the policy does not contribute to the authorization decision. This outcome will mainly be used when grouping policies that are often used together.

A policy can contain child policies, which means that the policies added as child policies will be evaluated (as separate policies), whenever the ‘parent’ policy applies (regardless of the decision outcome).

A policy can contain multiple filters, to indicate if the policy is applicable. See the Filters section for more information about filters.

Below you will find a couple of examples on how to configure a policy. Note that by applying filters and changing the Decision, you can create any kind of (restrictive) policy you require.

How to configure: A policy that allows access to everything

To configure a policy that allows access to everything for users who will have the policy:

  1. Open the Admin Portal

  2. Navigate to the Access control - Policy based section

  3. Click ‘Create Policy’ → ‘Create New Policy’

  4. Add a Policy Name (eg “Allow Policy”)

    1. Add an optional description

  5. Select Decision ‘Allow’

  6. Save the policy

The policy is now created and can be used to assign to (customer) Accounts, or add to an Access License.

How to configure: A policy that allows access to a specific application

To configure a policy that allows access to a specific application for users who will have the policy:

  1. Navigate to the Configuration - Filters section

  2. Go to the Filters tab

  3. Configure a filter for your application, see: #how-to-configure-a-filter-that-checks-for-a-specific-application

  4. Go to Access control - Policy based tab

  5. Click ‘Create Policy’ → ‘Create New Policy’

  6. Add a Policy Name (eg with the application name)

    1. Add an optional description

  7. Select Decision ‘Allow’

  8. Go to Filters tab

  9. Add the (previously created) filter that checks for your application.

  10. Save the policy

The policy is now created and can be used to assign to (customer) Accounts, or add to an Access License.

PreviousPolicy based accessNextAttribute based access

Last updated

Was this helpful?