Managing POPs
    • 30 Mar 2025
    • 3 Minutes to read
    • Dark
      Light
    • PDF

    Managing POPs

    • Dark
      Light
    • PDF

    Article summary

    Policy Orchestration Points (POPs) define the connection between the Authorization Platform Tenant and the Vendor Tenant, typically running a third-party application. By default, when a Tenant is created, there is one Identity Workspace and one Authorization Workspace. To implement SaaS Authorization Management, you must first create an Orchestration Workspace and create at least one POP.

    To manage Policy Orchestration Points, you can

    • Create a POP
    • Edit a POP
    • Change the mode

    Creating a POP

    To create a Policy Orchestration Point:

    1. In the Orchestration Workspace, click Add Policy Orchestration Point. The Select Vendor side panel opens.
    2. Select the third-party vendor. A form opens, enabling you to configure the new POP.
    3. In the General section, enter:
      • Display Name (required)
      • Description (optional)
      • POP ID (required)
        • If two Environments are using two different POPs, they need to use the same POP ID for the migration process to work seamlessly.
    4. In the Associated Workspaces, select one Identity Workspace and one Authorization Workspace (required). Note that when an Identity or Authorization Workspace is configured to sync with a Policy Orchestration Point (POP) in the Orchestration Workspace, the synched Workspace cannot be deleted.
    5. In the Connection Settings section, enter the relevant values for each parameter. For more information, see the SaaS Policy Management Authorizer section and click on the third-party vendor you use.
    6. Click Test Connection to verify that the new POP is configured properly and can connect to the third-party vendor app. If the Connection Test fails, an error appears below the Test Connection button indicating what needs to be fixed.
    7. When the Test Connection is successful, click Create. The new POP is added to the list of currently defined POPs and an initial discovery takes place.

    Editing a POP

    To edit a POP:

    1. Click the three vertical dots on the POP you wish to edit, and select Settings. The POP side panel opens with the current configuration in Edit mode. All of the fields except the POP ID and the Authentication Method can be changed.
    2. After you make any changes, click the Test Connection button to verify that the POP is still configured properly and can connect to the third-party vendor.
    3. When the Test Connection is successful, click Save.

    Changing the POP Mode

    In the Orchestration Workspace, you can work in Learn or Manage mode. For more information, see Learn and Manage Modes.

    To switch between Learn and Manage Mode:

    1. In the Orchestration Workspace, locate the POP for which you want to switch modes. Click the three vertical dots and select Settings. A side panel opens with the POP Details displayed.
    2. In the Orchestration Settings area, select the Mode. Options are Learn or Manage.
    3. After changing the mode, click Save.

    After changing the mode, you should test the connection by clicking the Test Connection button.

    Deleting a POP

    When you delete a Policy Orchestration Point, all associated objects generated by the POP are also permanently deleted from the Platform. This includes the following:

    • POP
    • Scope
    • Application
    • Policies discovered or created within the POP.
    • Building Blocks including Dynamic Groups, Actions, Rulesets, and Conditions.
    • Asset Types (including Attributes)
    • Identity Sources
    • Identity Attributes
    Third Party Applications/Vendors

    Deleting a POP and associated objects in the Platform does not delete objects or Policies in the third-party application from which they were discovered.

    To delete a POP:

    1. In the Orchestration Workspace, locate the POP you wish to delete in the list of Policy Orchestration Points.
    2. Click on the three vertical dots on the POP to access the drop-down menu.
    3. Click Delete POP. A warning message appears, asking you to confirm that you want to delete the POP.
    4. Click Delete to confirm. The POP is deleted, as well as all associated objects and Policies within the POP.

    Was this article helpful?

    What's Next