Allowing vs. rejecting access – HP Identity Driven Manager Software Series User Manual
IDM Technical Reference
Best Practices
Allowing vs. Rejecting Access
When a user logs in, IDM evaluates the rules of the Access Policy Group in list
order, looking for a rule that matches all three parameters (Location, Time,
System). If a rule does not match on all three, IDM goes to the next rule in the
list. When a match on all three parameters is found, the Access Profile for that
rule is applied.
There are two ways to look at the process of restricting user access using Access
Profiles in Access Policy Group (APG) rules.
A. Create rules that allow access.
B. Create rules that reject access.
For example, to create an APG to allow access during the standard work week, you
can create a Time that defines the work week, then create an Access Policy to be
applied during that time. In this example, a Default policy was created. The APG to
allow user access during the work week would then look like this:
Users in the group will be allowed access as long as they are logging in during the
times set for the Work week. At any other time, the user will be denied access, and
an IDM event will be logged stating that no matching rules were found in the
APG.
To create a rule that denies access on the weekend, while allowing access during the
work week, you will need a Time to define the weekend. You will also need an Access
Policy to define the access at all other times. In the Access Policy Group, you would
enter two rules, similar to the following:
In this instance, if the user attempts to log in during the times specified for the
Weekends, they will be rejected, and an IDM event will be logged indicating that the
APG had a specific Reject rule set to deny access.
If the user logs in at times not specified for the weekend, since the time in the first
rule does not match, IDM moves to the second rule. Since all parameters match, the
user is allowed on the network and the “Default” Access Profile settings are applied
at the switch.
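
The first-match evaluation described above can be modeled as follows. This is an added example, not HP code or IDM's implementation: the ANY wildcard, the weekday-based Time definitions, the rule contents and the event strings are assumptions made for illustration. It also includes a misordered list to show how rule order changes the outcome.

```python
from dataclasses import dataclass
from datetime import datetime

ANY = "ANY"  # assumption: wildcard value that matches everything

# Constructed Time definitions: name -> weekday numbers (Mon=0 .. Sun=6)
TIMES = {"Work week": {0, 1, 2, 3, 4}, "Weekends": {5, 6}, ANY: set(range(7))}

@dataclass(frozen=True)
class Rule:
    location: str
    time: str
    system: str
    profile: str  # Access Profile name, or "REJECT"

def matches(rule, location, when, system):
    """A rule matches only if Location, Time and System all match."""
    return (rule.location in (ANY, location)
            and when.weekday() in TIMES[rule.time]
            and rule.system in (ANY, system))

def evaluate(apg, location, when, system):
    """Walk the APG in order; return (decision, profile, event reason)."""
    for rule in apg:
        if matches(rule, location, when, system):
            if rule.profile == "REJECT":
                return ("reject", None, "matched explicit Reject rule")
            return ("allow", rule.profile, None)
    # Fell off the end of the list: access is denied and an event is logged.
    return ("reject", None, "no matching rule found in APG")

# Approach A: one rule that allows access during the work week.
ALLOW_ONLY = [Rule(ANY, "Work week", ANY, "Default")]
# Approach B: reject on weekends first, then allow at all other times.
REJECT_FIRST = [Rule(ANY, "Weekends", ANY, "REJECT"),
                Rule(ANY, ANY, ANY, "Default")]
# Same two rules in the wrong order: the allow rule shadows the reject rule.
MISORDERED = list(reversed(REJECT_FIRST))

SATURDAY = datetime(2024, 1, 6, 10, 0)  # constructed sample login times
TUESDAY = datetime(2024, 1, 9, 10, 0)

if __name__ == "__main__":
    for name, apg in [("A", ALLOW_ONLY), ("B", REJECT_FIRST), ("B misordered", MISORDERED)]:
        for when in (TUESDAY, SATURDAY):
            print(name, when.strftime("%a"), evaluate(apg, "Office", when, "pc1"))
```

Both approaches deny the Saturday login but for different logged reasons, while the misordered list allows it because the broad allow rule matches before the Reject rule is reached.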