Managing Conditions

Creating a Condition

To create a Condition:

1. In the Authorization Workspace, select the Assets & Conditions tab.
2. In the Conditions section, click New Conditions. The New Condition screen is displayed.
3. Enter the Name of the new Condition. It is recommended that you use a meaningful name that helps others understand the purpose of the Condition.
4. Enter a Description for the Condition (optional).
5. Select the Type of Condition to be created. Options are:

• Date & Time
• IP
• Identity Attribute
• Request Attribute

6. In the Define Condition Rules, enter the required information (see below).
7. Click Create. The Condition is created and the Condition Details screen is displayed and the Condition is listed in the Conditions area of the Authorization Workspace.

About Date & Time Conditions

When you define a Date & Time Condition, you can specify the following options in the Condition:

Months: Options include All, a single month, or any combination of specific months of the year.

Days: Options include All, a single day, or any combination of specific days of the week.

Time: Options include All Day (which means 24 hours) or you can click to deselect All Day and then select an hour/minute for the start of the time slot and the end of the time slot. You should also select the appropriate time zone, which is required for any time selection other than All Day.

Starting Date/Ending Date: Options include specifying a start and end date for when the Condition is activated and deactivated or just a start date, or just an end date. Although you can only use one Time & Date rule in a Policy, you can make that one Time & Date rule more complex by using the OR option to specify another Time & Date range below.

For example, the first Time & Date rage might specify a period of time from January to March and then a second could specify the period from September to November.

About IP Conditions

When you define an IP Condition, you can specify the following options in the Condition:

1. Access Type: options are Allow or Restrict.
2. IP Range: specify the IP range. You must use a valid CIDR address.

About Identity Attribute Conditions

When you define an Identity Attribute Condition, you can specify one or more rules to create a condition.

To create an Identity Attribute Condition:

1. Select an Identity Attribute from the drop-down list. The Type field (Numeric or String) is populated automatically.
2. Select the appropriate operator. Options are Equals, Not Equals, Greater than, Less than, In, Not In.
3. Enter a value.
4. If you wish to add another rule to the Condition, click the And or OR option and again define each of the elements of the rule (Identity Attribute, Type, Operator, Value).

About Request Attribute Conditions

When you define a Request Attribute Condition, you can specify one or more rules to create a Condition. A Request Attribute is an external parameter sent through the Request that is factored into the Policy at run time.

To create a Request Attribute Condition:

1. Select a Request Attribute from the drop-down list.
2. Configure the Type field (Numeric or String) of the Attribute value.
3. Select the appropriate operator. Options are Equals, Not Equals, Greater than, Less than.
4. Enter a value.
5. If you wish to add another rule to the Condition, click the And or OR option and again define each of the elements of the rule (Request Parameter, Type, Operator, Value).