Conditions provide organizations with the ability to allow or restrict access based on environmental parameters. When added to a Policy, a Condition acts as a contextual filter, ensuring that access decisions reflect the real-world context in which a request occurs, not just who is making it.
A Condition defines the circumstances under which a Policy applies. Rather than granting or restricting access based solely on Identity or Agent, Conditions allow you to incorporate environmental context into the access decision.
Conditions can be based on the following parameter types:
- IP: Allow or restrict access based on a preconfigured IP address range. For example, limit access to requests originating from a corporate network.
- Identity Attribute: Allow or restrict access based on an attribute associated with the requesting Identity. For example, all users within a specific department, location (country, city, or region), or with a specific job title.
- Request Attribute: Allow or restrict access based on the value of a specific parameter included in the request itself.
Adding Conditions to a Policy
Conditions are added directly within the Policy Canvas as part of the policy flow, following Controls and Guardrails.
To add a Condition using the Policy Canvas:
- In the Policies Workspace in the Environment sidebar, select an existing Policy or create a new one by clicking the plus (+) button.
- In the Policy Canvas, click + Add Conditions at the end of the policy flow.
- A right-side panel opens, displaying the available Conditions.
- Use the search field to locate a specific Condition, or browse the list.
- Select an existing Condition by clicking it. An icon beside each entry indicates the Condition type (for example, Date & Time, IP, Identity Attribute, or Request Attribute).
- To define a new Condition, click + Add New in the upper corner of the panel and configure the parameters as needed.
- Confirm your selection. The selected Condition is applied to the Policy.
At this stage, you have defined the full scope of the Policy: who can initiate an interaction, which Agents they can invoke, what controls and guardrails apply, and under what circumstances access is permitted.