Identity Cloud

Policy sets

Identity Cloud uses a policy to determine whether to grant a principal access to a resource.

Policies belong to policy sets. Policy sets define a template for policies that apply to one or more resource types. A policy set groups policies with similar characteristics that protect websites, web applications, or other resources. It eliminates the need to configure the same basic settings repeatedly for each policy.

Application types are templates for policy sets. Application types aren’t available under Native Consoles > Access Management. When you define a policy or policy set over REST, the application type appears in the JSON resource. In Identity Cloud, the only application type you use is "iPlanetAMWebAgentService".
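The following Python audit is an added example, not part of the ForgeRock documentation. It checks exported policy-set and policy JSON for two things described above: every policy set uses the one supported application type, and every policy's resource type is one that its policy set covers. The field names (`applicationType`, `resourceTypeUuids`, `applicationName`, `resourceTypeUuid`) are assumed to match the REST JSON resources, and all sample objects and IDs are constructed.

```python
SUPPORTED_APP_TYPE = "iPlanetAMWebAgentService"  # the only type named on this page

# Constructed sample data; field names are assumptions about the REST JSON.
POLICY_SETS = [
    {"name": "intranet-apps", "applicationType": SUPPORTED_APP_TYPE,
     "resourceTypeUuids": ["rt-url-0001"]},
    {"name": "legacy-set", "applicationType": "customAppType",
     "resourceTypeUuids": []},
]
POLICIES = [
    {"name": "hr-portal", "applicationName": "intranet-apps",
     "resourceTypeUuid": "rt-url-0001"},
    {"name": "scopes-policy", "applicationName": "intranet-apps",
     "resourceTypeUuid": "rt-oauth2-0002"},
    {"name": "orphan", "applicationName": "missing-set",
     "resourceTypeUuid": "rt-url-0001"},
]


def audit(policy_sets, policies):
    """Return a sorted list of (object name, finding) tuples."""
    findings = []
    sets_by_name = {}
    for ps in policy_sets:
        sets_by_name[ps["name"]] = ps
        # A policy set built on any other application type is a misconfiguration.
        if ps.get("applicationType") != SUPPORTED_APP_TYPE:
            findings.append((ps["name"], "unsupported applicationType"))
        # A policy set with no resource types is a template for nothing.
        if not ps.get("resourceTypeUuids"):
            findings.append((ps["name"], "no resource types"))
    for policy in policies:
        parent = sets_by_name.get(policy.get("applicationName"))
        if parent is None:
            findings.append((policy["name"], "unknown policy set"))
        # The policy must use a resource type its policy set is defined for.
        elif policy.get("resourceTypeUuid") not in parent.get("resourceTypeUuids", []):
            findings.append((policy["name"], "resource type not in policy set"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(POLICY_SETS, POLICIES):
        print(f"{name}: {finding}")
```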

When creating and editing policy sets, consider the following points:

  • You can specify the realm and policy set in a web or Java agent profile.

    Identity Cloud directs requests from the agent to the specified realm and policy set, providing compatibility with older web and Java agents.

    For details, refer to the agent documentation.

  • Identity Cloud has a default policy set for OAuth 2.0 policies in each realm, the Default OAuth2 Scopes Policy Set for OAuth2 Scope resource types.

    Create your own policy sets for policies that control access to URL resource types.

Copyright © 2010-2024 ForgeRock, all rights reserved.