Policy sets
PingOne Advanced Identity Cloud uses a policy to determine whether to grant a principal access to a resource.
Policies belong to policy sets. Policy sets define a template for policies that apply to one or more resource types. A policy set groups policies with similar characteristics that protect websites, web applications, or other resources. It eliminates the need to configure the same basic settings repeatedly for each policy.
Application types are templates for policy sets.
Application types aren’t available under Native Consoles > Access Management.
When you define a policy or policy set over REST, the application type appears in the JSON resource.
In Advanced Identity Cloud, the only application type you use is "iPlanetAMWebAgentService"
.
When creating and editing policy sets, consider the following points:
-
You can specify the realm and policy set in a web or Java agent profile.
PingOne Advanced Identity Cloud directs requests from the agent to the specified realm and policy set, providing compatibility with older web and Java agents.
For details, refer to the agent documentation:
- Java agents
- Web agents
-
PingOne Advanced Identity Cloud has a default policy set for OAuth 2.0 policies in each realm, the Default OAuth2 Scopes Policy Set for
OAuth2 Scope
resource types.Create your own policy sets for policies that control access to
URL
resource types.