Previous Topic: Configure a Realm and a Rule for the Tenant DomainNext Topic: Create the Authentication Method

Single Sign-On ServiceSSO Getting Started GuideSSO using a Third-party IdP and Self-registrationConfigure and Apply an OpenID Authentication SchemeUse the Authentication Scheme in a PolicyCreate the Policy to Protect the Authentication URL

Create the Policy to Protect the Authentication URL

Create a policy for the domain. Policies define relationships between users and resources. The policy components work together and protect the resource.

After you create the policy, you add users and rules.

Follow these steps:

  1. Click Policies, Domain.
  2. Click Domains.
  3. Specify search criteria, and click Search.

    A list of domains that match the search criteria appears.

  4. Click the edit icon next to the domain for which you want to create a policy.

    The Modify Domain page appears.

  5. Click the Policies tab.

    The Policies page appears.

  6. Click Create.

    The Create Policy page appears.

  7. Enter a name and a description for the policy. Use a name that indicates that the policy is for the authentication URL.
  8. Add individual users, user groups, or both from the Users tab. The users are members of the tenant user directory associated with the domain. When a user tries to access a protected resource, the policy verifies whether the user is allowed to access the resource.

    Note: If you select Add Members, the User/Groups pane opens. Individual users are not displayed automatically. Use the search utility to find a specific user within one of the directories.

    You can edit or delete a user or group by clicking the right arrow (>) or minus sign (-), respectively.

  9. When you have finished selecting users, user groups or both, click OK.
  10. Add rules to the policy from the Rules tab.

    Rules indicate which resources are part of a policy and whether to allow or deny access to the resources.

    Note: Add at least one rule or rule group to a policy.

    The Available Rules pane opens.

  11. Select the rule that you created for the authentication URL resource.

    For example, if you configured a rule specific to Google, named oauth_googlerule, select that rule.

    You are not required to configure a response for the rule.

  12. Click OK.
  13. Click Submit to save the policy.

The policy configuration is complete.