1.3 Managing Policies

  1. In the Administration Console, click Policies > Policies.

  2. In the Policy Container drop-down list, select the container.

    If you have not created any containers, only the Master_Container is available in the list.

  3. You can perform the following tasks from this page:

1.3.1 Creating Policies

Before creating policies, you need to design your policy strategy. For example, if you are going to use role-based access, you need to decide which roles you need and which roles allow access to your protected resources. Roles, which are used by Authorization policies that grant and deny access, need to be created first. If you have already created the roles and assigned them to users in your LDAP user store, you can use the values of your role attributes in the Authorization policies rather than using Access Manager roles.

To create a policy, see the following sections:

1.3.2 Sorting Policies

Policies can be sorted by name and by type. On the Policies page, click Name in the Policy List, and the policies are sorted alphabetically by name. To sort alphabetically by type, click Type in the Policy List.

You can also use containers to organize your policies. For more information, see Section 1.5, Managing Policy Containers.

1.3.3 Deleting Policies

A policy cannot be deleted as long as a resource is configured to use the policy. For Access Gateway and J2EE Agent policies, this means that you must remove the policy from all protected resources.

Roles can be used by Authorization, Form Fill, and Identity Injection policies. Before you can delete a Role policy, you must remove any reference to the role from all other policies.

1.3.4 Renaming or Copying a Policy

Copy: To copy a policy, select a policy, click Copy, then click OK. The new policy is named “Copy of ...”. This is useful when you are creating multiple policies that require only minor variations to make them unique. You should rename the policy after making these modifications.

Rename: To rename a policy, select a policy, click Rename, specify a new name, then click OK.

1.3.5 Importing and Exporting Policies

Policies that are created in the Administration Console can be exported and used in another Administration Console that is managing a different group of Access Gateways and other devices. Each policy type has slightly different import requirements. See the following:

1.3.6 Creating the SSL VPN Default Policy

To create the default policy that the SSL VPN server uses, click the Create SSL VPN Default option. This option creates an Identity Injection policy that is used to set up single sign-on with the SSL VPN server. After you have created this policy, this option is no longer available.

1.3.7 Refreshing Policy Assignments

If you have made changes in policy assignments that are not reflected on the page, click Refresh References. This action can take a while to complete if you have numerous policies and have assigned them to protect numerous resources. The Administration Console needs to verify the configuration of each device.

1.3.8 Viewing Policy Information

The Policy List table displays the following information about each policy.

Column: Description

Name: Displays the name of the policy. To modify a policy, click its name.

Type: Specifies the type of policy (Authorization, Identity Injection, Roles, or Form Fill) and the type of resource that can use it (Identity Server, Access Gateway, or J2EE Agent).

Used By: Displays the name of the Access Gateway, the Identity Server configuration, or the J2EE Agent that the policy is assigned to. If the policy is unassigned, this column has no value. If the policy is assigned to a protected resource, click the down-arrow button to view the names of the resources it has been assigned to.

Extensions Used: Specifies whether the policy uses any extensions. If none has been used, this column has no value.

Description: Displays a description of the policy. If no description has been specified, this column has no value.