Managing POPs

Policy Orchestration Points (POPs) define the connection between the Authorization Platform Tenant and the Vendor Tenant, typically running a third-party application. By default, when a Tenant is created, there is one Identity Workspace and one Authorization Workspace. To implement SaaS Authorization Management, you must first create an Orchestration Workspace and create at least one POP.

To manage Policy Orchestration Points, you can

• Create a POP
• Edit a POP
• Change the mode

Creating a POP

To create a Policy Orchestration Point:

1. In the Orchestration Workspace, click Add Policy Orchestration Point. The Select Vendor side panel opens.
2. Select the third-party vendor. A form opens, enabling you to configure the new POP.
3. In the General section, enter:
   • Display Name (required)
   • Description (optional)
   • POP ID (required)
     • If two Environments are using two different POPs, they need to use the same POP ID for the migration process to work seamlessly.
4. In the Associated Workspaces, select one Identity Workspace and one Authorization Workspace (required). Note that when an Identity or Authorization Workspace is configured to sync with a Policy Orchestration Point (POP) in the Orchestration Workspace, the synched Workspace cannot be deleted.
5. In the Connection Settings section, enter the relevant values for each parameter. For more information, see the SaaS Policy Management Authorizer section and click on the third-party vendor you use.
6. Click Test Connection to verify that the new POP is configured properly and can connect to the third-party vendor app. If the Connection Test fails, an error appears below the Test Connection button indicating what needs to be fixed.
7. When the Test Connection is successful, click Create. The new POP is added to the list of currently defined POPs and an initial discovery takes place.

Editing a POP

To edit a POP:

1. Click the three vertical dots on the POP you wish to edit, and select Settings. The POP side panel opens with the current configuration in Edit mode. All of the fields except the POP ID and the Authentication Method can be changed.
2. After you make any changes, click the Test Connection button to verify that the POP is still configured properly and can connect to the third-party vendor.
3. When the Test Connection is successful, click Save.

Changing the POP Mode

In the Orchestration Workspace, you can work in Learn or Manage mode. For more information, see Learn and Manage Modes.

Deleting a POP

When you delete a Policy Orchestration Point, all associated objects generated by the POP are also permanently deleted from the Platform. This includes the following:

• POP
• Scope
• Application
• Policies discovered or created within the POP.
• Building Blocks including Dynamic Groups, Actions, Rulesets, and Conditions.
• Asset Types (including Attributes)
• Identity Sources
• Identity Attributes

To delete a POP:

1. In the Orchestration Workspace, locate the POP you wish to delete in the list of Policy Orchestration Points.
2. Click on the three vertical dots on the POP to access the drop-down menu.
3. Click Delete POP. A warning message appears, asking you to confirm that you want to delete the POP.
4. Click Delete to confirm. The POP is deleted, as well as all associated objects and Policies within the POP.