Using idm with endpoint integrity systems – HP Identity Driven Manager Software Licenses User Manual
Using Identity Driven Manager
Defining Access Policy Groups
8. Click OK to save the Access Policy Group and close the window.
IDM will verify that the rules in the APG are valid. If a rule includes a defined
VLAN (from the Access Profile) and the VLAN does not exist on the network or
devices for the location(s), an error message is returned and you must fix the
problem before the APG can be saved.
Click Cancel to close the window without saving the Access Policy Group
configuration.
9. The new Access Policy Group is listed in the Access Policy Groups tab.
Assigning Rules to an Auto-generated Access Policy Group
Active Directory synchronization automatically creates Access Policy Groups with
the default values of:
• Any Location
• Any Time
• Any System
• Any WLAN
• Any Device Type Group
• Any Endpoint Integrity
• Default Access Profile
To assign specific rules to an Access Policy Group, see Modifying an Access Policy
Group (page 3-46).
Using IDM with Endpoint Integrity Systems
You can create access profiles in IDM to work in conjunction with endpoint integrity
(host integrity) applications to verify that systems attempting to connect to the
network meet security requirements. To use the Endpoint Integrity support option,
you must first select the Endpoint Integrity option in the IDM Preferences
window (Tools > Preferences > Identity Management).
With the Endpoint Integrity preference set, the Endpoint Integrity option will appear
in the Access Rules windows.