HP Identity Driven Manager Software Licenses User Manual

3-37

Using Identity Driven Manager

Defining Access Policy Groups

IDM will verify that the rules in the APG are valid. If a rule includes a
defined VLAN (from the Access Profile) and the VLAN does not exist on
the network or devices for the location(s), an error message is returned
and you must fix the problem before the APG can be saved.

Click

Cancel

to close the window without saving the Access Policy Group

configuration.

9.

The new Access Policy Group is listed in the Access Policy Groups tab.

Assigning Rules to an Auto-generated Access Policy Group

Active Directory synchronization automatically creates Access Policy Groups
with the default values of:

•

Any Location

•

Any Time

•

Any System

•

Any WLAN

•

Any Endpoint Integrity

•

Default Access Profile

To assign specific rules to an Access Policy Group, see Modifying an Access
Policy Group (page 3-39).

Using IDM with Endpoint Integrity Systems

You can create access profiles in IDM to work in conjunction with endpoint
integrity (host integrity) applications to verify that systems attempting to
connect to the network meet security requirements. To use the Endpoint
Integrity support options you need to select the Endpoint Integrity option in
the IDM Preferences window (

Tools->Preferences->Identity Management

).

With the Endpoint Integrity preference set, the

Endpoint Integrity

option will

appear in the

Access Rules

windows.