HP Identity Driven Manager Software Series User Manual

3-34

Using Identity Driven Manager
Defining Access Policy Groups

6.

Repeat the process for each rule you want to apply to the APG.

7.

The Access rules are evaluated in the order (priority) they are listed in the
Access Rules table. Use

Move Up or Move Down buttons to arrange the

rules in the order you want them to be evaluated. IDM checks each rule
in the list until a match on all input parameters is found, then applies the
corresponding access profile to the user.

For example, if you want to allow a user to login in from any system during
the work week (Mon. - Fri.), but you want to deny access to users on the
weekend, you would:

•

Create a Time for the weekend,

•

Create an Access Profile to be applied during weekdays, "Default"

•

Define two rules for the APG, similar to the following:

Location Time System Access Profile

ANY

weekend

ANY REJECT

ANY

weekday

ANY

Default

When the user is authenticated, IDM checks the Access Policies in the
order listed. If it is Saturday or Sunday, the user’s access is denied. On any
other day, the user is allowed on the network. If the order were reversed,
IDM would never read the second rule because the first rule would provide
a match every day of the week.

8.

Click

OK to save the Access Policy Group and close the window.

IDM will verify that the rules in the APG are valid. If a rule includes a
defined VLAN (from the Access Profile) and the VLAN does not exist on
the network or devices for the location(s), an error message is returned
and you must fix the problem before the APG can be saved.

Click

Cancel

to close the window without saving the Access Policy Group

configuration.

9.

The new Access Policy Group is listed in the Access Policy Groups tab

Access
Profile

Lists the Access Profiles you created by name, the Default
Access Profile, and a REJECT option. Select REJECT if the rule
will prohibit a user from logging in.