Table of Contents
Advertisement
Using Identity Driven Manager
Defining Access Policy Groups
3-34
Access
Lists the Access Profiles you created by name, the Default
Profile
Access Profile, and a REJECT option. Select REJECT if the rule
will prohibit a user from logging in.
6.
Repeat the process for each rule you want to apply to the APG.
7.
The Access rules are evaluated in the order (priority) they are listed in the
Access Rules table. Use Move Up or Move Down buttons to arrange the
rules in the order you want them to be evaluated. IDM checks each rule
in the list until a match on all input parameters is found, then applies the
corresponding access profile to the user.
For example, if you want to allow a user to login in from any system during
the work week (Mon. - Fri.), but you want to deny access to users on the
weekend, you would:
•
Create a Time for the weekend,
•
Create an Access Profile to be applied during weekdays, "Default"
•
Define two rules for the APG, similar to the following:
Location
ANY
weekend
ANY
weekday
When the user is authenticated, IDM checks the Access Policies in the
order listed. If it is Saturday or Sunday, the user's access is denied. On any
other day, the user is allowed on the network. If the order were reversed,
IDM would never read the second rule because the first rule would provide
a match every day of the week.
8.
Click OK to save the Access Policy Group and close the window.
IDM will verify that the rules in the APG are valid. If a rule includes a
defined VLAN (from the Access Profile) and the VLAN does not exist on
the network or devices for the location(s), an error message is returned
and you must fix the problem before the APG can be saved.
Cancel
Click
to close the window without saving the Access Policy Group
configuration.
9.
The new Access Policy Group is listed in the Access Policy Groups tab
Time
System
ANY
ANY
Access Profile
REJECT
Default
Hide quick links:
Advertisement
Table of Contents
