HP Identity Driven Manager Software Series User Manual
Using Identity Driven Manager
Defining Access Policy Groups
IDM will verify that the rules in the APG are valid. If a rule includes a
defined VLAN (from the Access Profile) and the VLAN does not exist on
the network or devices for the location(s), an error message is returned
and you must fix the problem before the APG can be saved.
Click Cancel to close the window without saving the Access Policy Group
configuration.
9. The new Access Policy Group is listed in the Access Policy Groups tab.
Assigning Rules to an Auto-generated Access Policy Group
Active Directory synchronization automatically creates Access Policy Groups
with the default values of:
• Any Location
• Any Time
• Any System
• Any WLAN
• Any Endpoint Integrity
• Default Access Profile
To assign specific rules to an Access Policy Group, see Modifying an Access
Policy Group (page 3-41).
Using IDM with Endpoint Integrity Systems
You can create access profiles in IDM to work in conjunction with endpoint
integrity (host integrity) applications to verify that systems attempting to
connect to the network meet security requirements. To use the Endpoint
Integrity support options you need to select the Endpoint Integrity option in
the IDM Preferences window (Tools->Preferences->Identity Management).
With the Endpoint Integrity preference set, the Endpoint Integrity option will
appear in the Access Rules windows.