Policies are logical rules to maintain security and consistency within your Access Manager infrastructure. You can specify the following parameters for a policy:
Activation criteria
Deactivation criteria
Temporal constraints (such as time of day or subnet)
Identity constraints (such as user object attribute values)
Additional separation-of-duty constraints
Identity information can come from any identity source (an Identity Vault, or a directory) or from Access Manager’s Identity Server, which provides full Liberty Alliance specification support and SAML 2.0 support. Identity is available throughout the determination of rights and permissions.
This section includes the following topics: