Identity Cloud


Authorization policies let Identity Cloud determine whether to grant a subject access to a resource.

A policy defines the following:


The resource to which access is restricted, such as a web page, a mobile app, or a boarding area in an airport.


The verbs that describe what users can do to the resource, such as read a web page, submit a web form, or access a boarding area.

subject conditions

Who the policy applies to, such as all authenticated users, only administrators, or only passengers with valid tickets for planes leaving soon.

environment conditions

The circumstances under which the policy applies, such as only during work hours, only when accessing from a specific IP address, or only when the flight is scheduled to leave within the next four hours.

response attributes

Information that Identity Cloud attaches to a response following a policy decision, such as a name, email address, or frequent flyer status.

Copyright © 2010-2023 ForgeRock, all rights reserved.