Create an access policy

We can create an access policy in JavaScript and then use the local management interface to deploy it.

Before you begin, ensure that we understand the following concepts.

• The business requirements or scenarios for the access policy.
• The types ISAM deployments that can enforce and use access policies.

For information, see Access policies.

Steps

1. Create the policy by writing JavaScript that enforces the requirements.

   See Access policy development.

2. Use the Access Policies menu in the local management interface to add the policy to your deployment.

   See Manage access policies.

3. Enable access policies for your deployment, and apply the necessary access policy.

   Follow the instructions for your type of deployment.

   • SAML 2.0 identity provider federation

     Use the local management interface Federation > Manage > Federations wizard to enable access policies, and select a policy to assign to the federation. See Create and modify a federation.

   • SAML 2.0 service provider partner to an identity provider federation

     Use the local management interface Federation > Manage > Federations wizard to enable access policies, and select a policy to assign to the partner. See Manage federation partners. If we enable access policies on the partner, and select a policy, the partner policy takes precedence over any policy assigned to the federation. If we do not enable access policies on the partner, access policies that are enabled for the federation are still enforced.

   • OpenID Connect and API Protection Definition

     When we create or manage an API Protection Definition, we can choose to specify an access policy. See Create an API protection definition.

Parent topic: Access policies