Access Policy Examples
Access Policy Examples
Rule Set Example Using the Trusted Location Attribute
All users from the selected identity source who signed into the application portal can see the application icon in the portal and are evaluated for additional authentication using the following conditions:
- Users authenticating with known browsers in a trusted location can open the application without additional authentication.
- Users authenticating with unknown browsers in a trusted location must authenticate at the Low assurance level.
- Users who are not in a trusted location and are in the United States must authenticate at the High assurance level.
- All remaining users are denied access.
Rule Set Example Using the Trusted Network Attribute
All users from the selected identity source who signed into the application portal and match at least one user attribute can see the application icon in the portal. Matching users are evaluated for authentication using the following conditions:
- Users who are in a Trusted Network can open the application without additional authentication.
- Users who are not in a Trusted Network and are in Brazil must authenticate at the Low assurance level.
- Users who are not in a Trusted Network and are in Argentina, Chile, or Colombia must authenticate at the Medium assurance level.
- All remaining users are denied access.
Rule Set Example Using the Country Attribute
All users from the selected identity source who signed into the application portal can see the application icon in the portal and are evaluated for step-up authentication using the following conditions:
- Users authenticating from Barbados, Belize, or Dominica cannot open the application.
- Users authenticating from the United States or from known browsers and were not denied access in the previous condition can open the application without additional authentication.
- All remaining users who were not denied access in a previous conditions and are authenticating from unknown browsers must authenticate using the High assurance level. This condition is also a fallback method to handle any users whose countries could not be resolved.
