Axis evaluates Policy Rules for specific Destinations (Applications or Application Tags) on a first-match basis. For instance, when a user attempts to access a specific application, Axis evaluates the configured policies in order, starting with the first rule in the set of policy rules. As soon as it finds a rule whose criteria match, it enforces that policy rule and disregards all other rules that follow, including any lower-priority or conflicting rules. If no rule matches, the default rule applies, which is always set to "Block".
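The first-match behaviour described above, as an added illustration (not Axis code or an Axis API): it evaluates a request against an ordered rule list, falls through to the default "Block", and flags rules that can never fire because an earlier rule already covers them. The `Rule` class, the function names and the sample rules are constructed, and conditions are simplified to exact string matches on User Group, Source and Destination.

```python
from dataclasses import dataclass
from typing import Optional

FIELDS = ("user_group", "source", "destination")

@dataclass
class Rule:
    name: str
    action: str                        # "Allow" or "Block"
    user_group: Optional[str] = None   # None = blank condition = "Any"
    source: Optional[str] = None
    destination: Optional[str] = None

    def matches(self, request: dict) -> bool:
        # Every non-blank condition must equal the request's value.
        return all(getattr(self, f) is None or getattr(self, f) == request.get(f)
                   for f in FIELDS)

def evaluate(rules, request):
    """First match wins; later rules are never consulted."""
    for rule in rules:
        if rule.matches(request):
            return rule.name, rule.action
    return "default", "Block"          # no rule matched

def shadowed(rules):
    """(rule, earlier rule) pairs where the earlier rule matches everything
    the later one does, so the later rule can never fire."""
    def covers(a, b):
        return all(getattr(a, f) is None or getattr(a, f) == getattr(b, f)
                   for f in FIELDS)
    found = []
    for i, later in enumerate(rules):
        earlier = next((r for r in rules[:i] if covers(r, later)), None)
        if earlier:
            found.append((later.name, earlier.name))
    return found

# Constructed rule set, in priority order (top rule first).
RULES = [
    Rule("block-contractors-bastion", "Block", user_group="contractors", destination="ssh-bastion"),
    Rule("allow-engineering", "Allow", user_group="engineering"),
    Rule("block-engineering-prod-db", "Block", user_group="engineering", destination="prod-db"),
]

if __name__ == "__main__":
    print(evaluate(RULES, {"user_group": "engineering", "destination": "prod-db"}))
    print(evaluate(RULES, {"user_group": "contractors", "destination": "wiki"}))
    print(shadowed(RULES))
```

In this constructed set the intended block on `prod-db` never takes effect because the broader allow rule sits above it; moving the block rule higher in the list restores it.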
- Click the toggle to enable or disable a rule.
- Change priorities by clicking the icon and moving the rule to another location in the list.
- Edit a policy or delete it by hovering over the area next to the rule and selecting edit or delete.
- In the Management Console, go to Policy -> Rules -> Add Rule.
Add a name and description.
- Click the box next to Make this rule temporary if you wish to create a temporary rule. Select a date and time range.
- Add Conditions.
You can apply the following conditional access criteria to a rule as described in the following table.
The following table describes each condition, its role, and capabilities.
Select a User Group from the drop-down menu or click add to use an Okta identity, an Axis IdP identity, a custom SAML Query or an identity group.
Select a Source from the drop-down menu or click add to add a new IP range that users can access.
Device Trust (Device Posture)
Select a Device Trust from the drop-down menu or click add to add an Axis Client Posture or a Client Certificate. For information on Axis Client Device Posture, click here.
To have a condition that is applied to Mac and Windows OS on the same rule:
Select a Time Range from the drop-down menu or click add to add a new Time Range.
Configure a time range during which users can access a protected resource.
Specify what users can access:
Note: If all the Conditions are left default/blank, they are set to match "Any". You can remove a condition by hovering over the condition and clicking the remove icon.
Under Action, select whether the rule blocks or allows access.
If no profile is selected, the system will refer to the default profile.
- Select an RDP profile from the drop-down menu or click add to add a new RDP profile.
- Select an SSH profile from the drop-down menu or click add to add a new SSH profile.
- Select a web app profile from the drop-down menu or click add to add a new web app profile.
- Select a Git profile from the drop-down menu or click add to add a new Git profile.
Click Apply Changes in the top menu bar.
To commit your changes, navigate to the top-right menu, click Apply Changes, then select Commit Changes.