
How do I reduce the number of policy matches in Identity Cloud or AM (All versions)?

Last updated Jan 16, 2023

The purpose of this article is to provide information on changes you can make to your policy rules to reduce the number of policy matches, which in turn reduces the time it takes for ForgeRock Identity Cloud or AM to evaluate policies.



Reducing the number of policy matches

You can make several changes to your policy rules to reduce the number of policy matches, including:

Avoid using wildcards (*)

Always use the full protocol, hostname and port number wherever possible in your policy rules rather than using a wildcard (*).

For example, instead of using http*://*/test/test.dll/* to cover multiple policy rules, you can separate them out and make them more specific to reduce policy matches:

  • http://example.com:8080/test/test.dll/*
  • https://example.net:8443/test/test.dll/*
  • https://example.com:443/test/test.dll/*
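One way to check a list of policy resource patterns against this advice, as an added example (not ForgeRock code). The function names and the sample list are hypothetical, and the script only inspects the pattern text; it does not reproduce how AM matches wildcards.

```python
import re

# Splits a resource pattern into scheme, host, optional port and path.
# Wildcards are accepted in every part so that broad patterns still parse.
_PATTERN = re.compile(
    r'^(?P<scheme>[^:/]+)://(?P<host>[^/:]*)(?::(?P<port>[^/]*))?(?P<path>/.*)?$'
)

def audit_resource(pattern):
    """Return the findings for one policy resource pattern (empty list = OK)."""
    m = _PATTERN.match(pattern)
    if m is None:
        return ["unparseable: expected protocol://hostname:port/path"]
    findings = []
    if "*" in m.group("scheme"):
        findings.append("wildcard in protocol")
    if "*" in m.group("host"):
        findings.append("wildcard in hostname")
    port = m.group("port")
    if port is None:
        findings.append("no explicit port")
    elif not port.isdigit():
        findings.append("port is not a fixed number")
    return findings

def audit_policies(patterns):
    """Map each pattern that needs attention to its findings, in input order."""
    report = {}
    for pattern in patterns:
        findings = audit_resource(pattern)
        if findings:
            report[pattern] = findings
    return report

# Sample input: the article's broad pattern and its three specific
# replacements, plus one constructed entry with a wildcard port.
SAMPLE = [
    "http*://*/test/test.dll/*",
    "http://example.com:8080/test/test.dll/*",
    "https://example.net:8443/test/test.dll/*",
    "https://example.com:443/test/test.dll/*",
    "https://example.org:*/app/*",  # constructed
]

if __name__ == "__main__":
    for pattern, findings in audit_policies(SAMPLE).items():
        print(f"{pattern}: {', '.join(findings)}")
```

A trailing wildcard in the path is not flagged, because the article's own specific rules keep one.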

Use the not enforced URL list

Add URLs for files such as images, JavaScript and CSS to the Not Enforced URL list to prevent these URLs from being evaluated.

You should also ensure the Fetch Attributes for Not Enforced URLs option is not enabled unless specifically required.

See Also

Authorization and policy decisions

Not-enforced

Related Training

ForgeRock Access Management Deep Dive (AM-410)



Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.