
How do I reduce the number of policy matches in Identity Cloud or AM (All versions)?

Last updated Sep 22, 2021

The purpose of this article is to provide information on changes you can make to your policy rules to reduce the number of policy matches, which in turn reduces the time it takes for Identity Cloud or AM to evaluate policies.



Reducing the number of policy matches

You can make several changes to your policy rules to reduce the number of policy matches, including:

Avoid using wildcards (*)

Always use the full protocol, hostname and port number wherever possible in your policy rules rather than using a wildcard (*).

For example, instead of using a single rule such as http*://*/test/test.dll/* to cover multiple resources, you can separate it into more specific rules to reduce policy matches:

  • http://example.com:8080/test/test.dll/*
  • https://example.net:8080/test/test.dll/*
  • https://example.com:18080/test/test.dll/*
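
A check for the advice above, added here as an example (not ForgeRock code): it flags resource patterns that have a wildcard in the protocol, hostname or port, or no explicit port. The rule names and the split_pattern, audit and audit_rules helpers are hypothetical, and the parsing is a plain string split, not AM's own pattern matcher.

```python
def split_pattern(pattern):
    """Split a resource pattern into (scheme, host, port) by plain string ops.

    urllib is avoided on purpose: a wildcard in the port is not a valid URL.
    """
    scheme, sep, rest = pattern.partition("://")
    if not sep:
        raise ValueError("pattern has no protocol: %r" % pattern)
    authority = rest.partition("/")[0]
    host, colon, port = authority.rpartition(":")
    # No colon, or the colon belongs to a bracketed IPv6 literal: no port given.
    if not colon or port.endswith("]"):
        host, port = authority, ""
    return scheme, host, port


def audit(pattern):
    """Return the reasons a pattern is broader than the article recommends."""
    scheme, host, port = split_pattern(pattern)
    findings = []
    if "*" in scheme:
        findings.append("wildcard in protocol")
    if "*" in host:
        findings.append("wildcard in hostname")
    if "*" in port:
        findings.append("wildcard in port")
    elif not port:
        findings.append("no explicit port")
    return findings


def audit_rules(rules):
    """Map rule name -> findings, listing only the rules that need attention."""
    return {name: f for name, pattern in rules if (f := audit(pattern))}


# Constructed sample: the article's broad rule next to its three specific ones.
# Rule names are hypothetical.
SAMPLE_RULES = [
    ("legacy-dll", "http*://*/test/test.dll/*"),
    ("dll-com-8080", "http://example.com:8080/test/test.dll/*"),
    ("dll-net-8080", "https://example.net:8080/test/test.dll/*"),
    ("dll-com-18080", "https://example.com:18080/test/test.dll/*"),
]

if __name__ == "__main__":
    for name, findings in audit_rules(SAMPLE_RULES).items():
        print(name + ": " + ", ".join(findings))
```

A wildcard in the path, as in the three specific rules, is not flagged; only the protocol, hostname and port are checked.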

Use the not enforced URL list

Add URLs for files such as images, JavaScript and CSS to the Not Enforced URL list to prevent these URLs from being evaluated.

You should also ensure the Fetch Attributes for Not Enforced URLs option is not enabled unless specifically required.

See Also

About Authorization and Policy Decisions

Not-Enforced URL and IP

Related Training

ForgeRock Access Management Core Concepts (AM-400)



Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.