Manage Access Rules

Overview

Here, you manage the general access rules that can be applied to resources. Access rules define specific requirements for access. The requirements can be used in combination.

You can also create access rules for individual resources, on the Access Rules add step in wizards and on the Access Rules tab. In addition, you can specify global access rules, which are automatically applied to all resources, in the Manage Global Access Rules section of the Administration Interface.

The access rules you register are displayed in a list. Note that although it is not visible on this page, the access rule Public is predefined in the system. When the access rule Public is applied, the resource is available to any anonymous user.

You create access rules using different types (or criteria):

| Access Rule | Description |
| --- | --- |
| Authentication method | Access to the resource is allowed if the user is authenticated with one or several authentication methods. If several authentication methods are selected, the entities can be combined with both AND and OR. |
| User group membership | Access to the resource is allowed if the user is a member of a certain user group. If several user groups are selected, the entities can be combined with both AND and OR. |
| IP address of incoming client | Access to the resource is allowed if the incoming client comes from a specific IP address or range of IP addresses. |
| Client Devices | Access to the resource is allowed if the user uses a specific device, for example Web or WAP. |
| Date, day, and/or time | Access to the resource is allowed if the access occurs during a specified time period. |
| Assessment | Access to the resource is allowed if the client meets the assessment requirement. |
| User storage | Access to the resource is allowed if the user is stored in a specified user storage location. |
| Access Point | Access to the resource is allowed if the request is coming through a specified Access Point. |
| Identity Federation | Select from registered SAML 2.0 identity providers. Identity providers are managed on the Manage SAML settings page. |
| Identity Orchestration | Access to the resource is allowed if the user is orchestrated to a remote system using an Identity Orchestration channel. |
| HTTP Headers | Rules specific to HTTP request headers for access to the resource. |
| Customized access rule | Customized according to the customer’s needs, specified in separate XML files. One file is stored for each access rule. Updating the customized access rule can only be done in the XML file. |
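
The following is an added example, not code from the product or its documentation: a small Python model of how criteria such as authentication method, user group membership, client IP range and time period can be evaluated in combination, with AND/OR applied within a criterion. The function names, the deny-by-default behavior, and the assumption that every rule attached to a resource must pass are illustrative assumptions.

```python
# Added illustration: a toy model of combining access-rule criteria.
# All names and the "every rule must pass" semantics are assumptions,
# not the product's API or rule format.
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass
class Request:
    auth_methods: set   # methods the user authenticated with
    groups: set         # user group memberships
    client_ip: str      # address of the incoming client
    when: datetime      # time of access


def match_set(required, actual, op):
    """AND: every required entity present; OR: at least one present."""
    required = set(required)
    if not required:
        return False  # an empty rule must not grant access by accident
    return required <= actual if op == "AND" else bool(required & actual)


def auth_rule(methods, op="AND"):
    return lambda r: match_set(methods, r.auth_methods, op)


def group_rule(groups, op="OR"):
    return lambda r: match_set(groups, r.groups, op)


def ip_rule(cidrs):
    nets = [ip_network(c) for c in cidrs]
    return lambda r: any(ip_address(r.client_ip) in n for n in nets)


def time_rule(weekdays, start, end):
    # weekdays follow datetime.weekday(): Monday is 0
    return lambda r: r.when.weekday() in weekdays and start <= r.when.time() < end


def is_allowed(rules, request):
    """Deny by default: no rules means no access; otherwise every rule must pass."""
    return bool(rules) and all(rule(request) for rule in rules)


# Constructed sample policy (not taken from any real deployment).
POLICY = [auth_rule({"password", "otp"}, "AND"), group_rule({"finance", "admins"}, "OR"),
          ip_rule(["10.0.0.0/8", "192.168.10.0/24"]),
          time_rule({0, 1, 2, 3, 4}, time(8, 0), time(18, 0))]
```

When reviewing a combined rule, check each criterion separately against a request that should fail it; a rule set that only passes the expected user has not been shown to reject anyone.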