Policy Wizard
    • 23 Feb 2025

    The Policy Wizard is an easy, visual way to create Policies in the Platform. Before creating a new Policy, you must have created at least one Asset Type with at least one Application connected to it. Some objects (like Dynamic Groups and Conditions) can be created while creating a new Policy.

    During the Policy creation process, you need to specify whether this new Policy is used for Dynamic Authorization Services or for SaaS Policy Management. Once a Policy has been created, it is listed in the Policy Catalog and can be viewed as code, visually in the Policy Map, exported, edited, and/or deleted.

    To create a Policy with the Policy Wizard:

    1. From the Authorization Workspace, click New Policy. The New Policy wizard is displayed.

    2. In the Fill in Policy Details screen, enter a Name for the Policy (required).

    3. In the Generate Policy ID section, select whether you want to apply a Custom ID (one that you create yourself) or an Auto Generated ID (one that the Platform creates automatically). The Policy ID must be unique per Environment. It is used as the leading ID in the CRUD API for Policy Management (for more information, see Policy Management APIs).

      • If you selected Custom ID, the Policy ID field appears as an editable field. Enter the new Policy ID in the field. The maximum number of characters for this field is 128.
      • If you selected Auto Generated ID, a GUID is automatically set as the Policy ID.

    Once the Policy is saved, the Policy ID can no longer be changed.

    4. Enter a Description for the new Policy (Optional).
    5. Select the Access Type. Options are Allow or Restrict.
      • Allow grants access rights to the Identity, if all other aspects of the Policy settings match.
      • Restrict denies access based on the Policy settings.
    6. Select the Application/s to connect to this Policy. Click Continue. The Wizard advances to the WHO step, in which you select the Dynamic Groups which will be given access (or denied access) for this Policy. In the Select Dynamic Groups for this Policy screen, you can:
      • Select one or more Dynamic Groups to which you have Admin Permissions.
      • Create a new Dynamic Group by clicking New Dynamic Group. For more information, see Creating a Dynamic Group in the Policy Wizard.
    7. Click Continue. The wizard advances to the WHAT screen where you can select which Asset Types you wish to associate with this Policy. To add Assets to the Policy:
      • Select an Asset Type from the drop-down. The list of Asset Types depends on which Application you chose to connect to the Policy.
      • Select which Action/s to apply to the Asset. The options available depend on which Actions are associated with the Application you chose to connect to the Policy.
      • Click on Select Rulesets. A side panel opens where you are required to select at least one Ruleset to use in relation to the selected Asset Type and Action/s. You can also create a Ruleset from this panel.
        • After selecting your Ruleset/s, click Manage Rulesets to open the Ruleset side panel if required.
      • Select the Assets to use in this Policy.
      • To add another Action-Ruleset/Asset combination to the Policy, click Add Combination. Note: This button is disabled if no Actions or only one Action is associated with the Asset Type.
        • To remove a combination, click on Remove Combination.
    8. Click Save. If you wish to add another Asset Type, click Add Asset Type and go over the points in Step 7.
    9. Click Continue. The wizard advances to the WHEN screen where you can select which Conditions you wish to associate with this Policy. To create a condition:
      • Click the + New Condition. A side panel opens.
      • Fill in the Connection details section according to the relevant Condition.
      • Click Save.
      • Ensure that the relevant Condition is selected in the list of Conditions.
        Conditions can also be predefined in the Assets and Conditions section of the Authorization Workspace.
    10. Done. The Policy is created and the Policy Map for the new Policy opens. Here you can:
      • Activate or deactivate the Policy.
      • View the Policy code for the new Policy.
      • Export the Policy as code.
      • Delete the Policy.
      • Click on the displayed items in the Map to see the Details side panel (Dynamic Groups, Conditions, Asset Types).

    To manage existing Policies (edit, delete, or add Asset Types), see Managing Policies.

    Note:

    By default, all new Policies have a Policy State of Active. This means that they are considered when calculating the authorization decision. For more information, see Managing Policies.

    • Click Edit to change any of the objects you selected. The fields become editable.
    • Click the trash can icon to delete the Policy.
    • Click Add Asset Type to add another Asset Type to the Policy, again defining Actions and Rulesets.

    Creating a New Dynamic Group in the Policy Wizard

    While creating a new Policy, you may discover that you need to create a new Dynamic Group to help define the Policy. You do not need to exit the Wizard to accomplish this.

    After entering the new Policy Name, Description and Access Type, you click Continue. At this point, as detailed above, you are expected to select the relevant Dynamic Group. If you don't see the Dynamic Group, you have the option of creating a new Dynamic Group from within the Wizard.

    To create a new Dynamic Group in the Policy Wizard:

    1. Click New Dynamic Group. The New Dynamic Group side panel opens.
    2. In the Workspace Name field, select the Workspace in which you want the Dynamic Group created.
    3. In the Fill in the Dynamic Group Details section, enter the Name and the Description (optional).
    4. In the Define Dynamic Group Rules section, define a set of Rules based on existing Identity Attributes by selecting an Attribute, selecting an Operator, and providing a Value. As needed, use the And and/or OR options to add additional Rules.
    5. Click Save. The Dynamic Group is created in the specified Identity Workspace and added to the list of available Dynamic Groups to be used in the Policy.
    6. Click Continue and begin selecting Assets for the new Policy, as detailed above.

    Incomplete Policies

    If you have not completed all of the required elements of the Policy, you will get a message asking if you wish to complete the Policy now or complete it later. If you choose to complete it later, a red dot will appear next to the Policy listing in the Policy Catalog and the Policy will not be active.

    Once you complete the required configurations, the red dot is removed and the Policy will be applied appropriately.

