Often when creating Policies, organizations may find it is useful to apply restrictions to the Policy. A common type of restriction is a Condition, which provides the organization with the ability to allow or restrict access based on environmental parameters such as:
-
Date & Time: for example, allow weekend activity, restrict access based on time of day, etc.
-
IP: allow or restrict based on a preconfigured IP range
-
Identity Attribute: allow or restrict access based on an attribute associated to the Identity. For example, all users of a specific department; all users within a specific location (country, city, region, etc.), all users with a specific title.
-
Request Attribute: allow or restrict access based on the value of a specific request parameter.
Conditions can be created in:
- On the Assets & Conditions tab of the Authorization Workspace
- During the process of creating a new Policy in the Policy Wizard.