Policy sets
Advanced Identity Cloud uses a policy to determine whether to grant a principal access to a resource.
Policies belong to policy sets. Policy sets define a template for policies that apply to one or more resource types. A policy set groups policies with similar characteristics that protect websites, web applications, or other resources. It eliminates the need to configure the same basic settings repeatedly for each policy.
Application types are templates for policy sets.
Application types aren’t available under Native Consoles > Access Management.
When you define a policy or policy set over REST, the application type appears in the JSON resource, for example, "iPlanetAMWebAgentService".
Default policy sets
Advanced Identity Cloud includes the following default policy sets:
- Customer Application Policy Set (customerApplicationPolicySet) - The policy set is designed for application authorization journeys. It uses the Authentication resource type to simplify authentication flows. Learn about app authorization journeys in the App Policy Decision node documentation.
- Default OAuth2 Scopes Policy Set (oauth2Scopes) - Use this policy set for OAuth2 Scope resource types.
Create your own policy sets to control access to URL resource types.
Agents and policy sets
You can specify a policy set and the realm in a web or Java agent profile.
Advanced Identity Cloud directs requests from the agent to the specified realm and policy set, providing compatibility with older web and Java agents.
Find more information in the agent documentation:
- Java agents
- Web agents