Defining access policy groups, Defining access policy groups -15 – HP Identity Driven Manager Software Series User Manual
Page 53
Using Identity Driven Manager
Defining Access Policy Groups
Defining Access Policy Groups
An Access Policy Group (APG) consists of a set of rules that are used to
determine the authorization [access controls] that are applied to an authenti
cated user. Each rule in an Access Policy includes the following parameters:
•
Location
•
Time
•
System
•
Access Profile
When a user assigned to the APG is authenticated on the RADIUS Server, the
IDM Agent applies the appropriate rule, which can cause the switch to accept
or reject the user, and modify the switch configuration to provide the appro
priate network resources to the accepted user.
You can create an APG that does not have any limitations, that is, it allows
"Any" location, time, system, and accepts the default switch settings for VLAN,
QoS, and Bandwidth. This would allow you to use IDM to monitor logins and
network resource usage by user, without limiting user access to the network.
To begin, click the Access Policy Group node in the IDM tree to display the
Access Policy Groups tab.
You can expand the Access Policy Group node in the tree, and click the
individual APG node to display the Policy properties.
3-15