Skip to main content

Policies

Policies allow you to configure access settings for a specific group of users.

Create a policy

  1. In the Management Console sidebar, open the Policies section.
  2. Click Create a policy.
  3. Specify values for the following parameters:
    • Priority. The higher the value, the higher the priority.
    • Name
    • Description (optional)

Configure a policy

In the policy card, you can configure policy parameters.

  1. In the Management Console sidebar, open the Policies section.
  2. To open the policy, click the policy name.
  3. Go to the required tab and perform the corresponding configuration.

Edit information

In the policy card, you can change the previously set name, priority, and description of the policy.

  1. On the Information tab, click Edit.
  2. Make the required changes.
  3. Click Save.

Add/remove an application

If you need to configure a policy, add applications that are affected by this policy:

  1. In the policy card, go to the Applications tab.

  2. Click Add an application.

  3. In the Add an application window, select the required application.

  4. Click Add.

    The application appears in the table with all added applications.

Note

You can only add an application if you have a registered license for this module.

To remove an application:

  1. In the policy card, go to the Applications tab.

  2. Select an application.

  3. Click Remove and confirm the removal.

    The application will be removed from the list of added applications.

For more information about application settings, see the Applications section.

Add/remove objects in scope

To apply policy settings to specific users, add objects to the scope. You can add individual users, groups, or departments.

To add an object to the scope:

  1. In the policy card, go to the Scope tab and click Add.

  2. In the Object type field, select the type:

    • User
    • Group
    • Department

  3. In the Location field, select the object location. It can be the entire user catalog or a separate container.

  4. In the Name field, specify the full or partial name of the object and click Search.

    If you leave the Name field empty, the search results display all objects of the specified type that are in the selected location.

  5. Select an object.

  6. Click Add.

The object appears in the list of scope objects.

A global administrator can also search for and remove objects from the policy scope.

You can use templates defined in the Management Console configuration file to search for objects.

To remove an object from the scope:

  1. In the policy card, go to the Scope tab.

  2. Select an object.

  3. Click Delete and confirm the deletion.

    The object will be removed from the list of objects in the scope.

The global administrator can also use the object search function.

To locate and delete an object in the policy scope:

  1. In the policy card, go to the Scope tab.

  2. Click Search. The search page appears.

  3. In the Object type field, select the type:

    • User
    • Group
    • Department

  4. In the Location field, select the object location. It can be the entire user catalog or a separate container.

  5. In the Name field, specify the full or partial name of the object and click Search.

    If you leave the Name field empty, the search results display all objects of the specified type that are in the selected location.

  6. Select an object from the search results, click Delete and confirm the deletion.

The object will be removed from the list of objects in the scope.

Assign roles

You can assign users who can have the role of administrator, operator, or inspector for this policy. You can assign a role to individual users or a group of users. Each role has its own set of rights.

To assign a role:

  1. In the policy card, go to the Administrators tab and click Add.

  2. Select a role:

    • Administrator
    • Operator
    • Inspector

  3. In the Object type field, select the required type:

    • User
    • Group

  4. In the Location field, select the object location. It can be the entire user catalog or a separate container.

  5. In the Name field, specify a full or partial name of the object and click Search.

    If you leave the Name field empty, the search results display all objects of the specified type that are in the selected location.

  6. Select an object.

  7. Click Add.

After you add an object, the object is displayed in the list on the Administrators tab.

Distribute licenses

You can set the available number of licenses for a specific policy to limit the number of licenses used for a container. For more information on how to do this, see the Licenses section.

Delete a policy

  1. In the Management Console sidebar, open the Policies section.
  2. In the policy list, select the required policy.
  3. Click Delete and confirm the deletion.

The deleted policy will disappear from the list of policies.

Also, you can delete a policy from the policy card by performing the following steps:

  1. In the policy card, go to the Information tab.
  2. Click Delete and confirm the deletion.

User data caching

This setting allows enabling user data caching on the local computer for the Windows Logon component and applications integrated with the Enterprise Single Sign-On module.

If this setting is enabled for applications, you can log in to the system using an authenticator even without the physical network connection. If there is no connection, cached user data is used.

You can enable user data caching in either in policy settings or individually for each user.

If a user is affected by a policy, you cannot change caching settings individually.

For more information on how to enable this setting, see User data caching.