HP Identity Driven Manager Software Series User Manual

Using Identity Driven Manager

Defining Access Policy Groups

4. Click "New Rule" to enable the Rule fields.

5. Select an option from the pull down menu for each field.

Location

Lists the Locations you created by name, and the
"ANY" option.

Time

Lists the Times you created by name, and the ANY
option.

System

Systems from which the user can log in.
ANY allows user to login in on any system.
OWN restricts users to systems defined for that user.
See “Configuring User Systems” on page 3-28 for
detail.

Access

Lists the Access Profiles you created by name, and

Profile

the REJECT option.

6. Repeat the process for each rule you want to apply to the APG.

7. Once you’ve entered all the rules for the APG, use "Move Up" or "Move

Down" buttons to arrange the rules in the order you want them to be
applied. IDM checks each rule in the list until a match on all parameters
is found, then applies the matching rule to the user.

The Access Policy rules are evaluated in the order they are listed in the
rules table. For example, if you want to allow a user to login in from any
system during the work week (Mon. - Fri.), but you want to deny access
to users on the weekend, you would:

•

Create a Time for the weekend,

•

Create an Access Profile to be applied during weekdays, "Default"

•

Define two rules for the APG, similar to the following:

Location

Time

System

Access Profile

ANY weekend

ANY REJECT

ANY

weekday

ANY

Default

3-17