10.2 Manage Authorization Policies

You can create, edit, and delete the authorization policies on an applications or appmark.

10.2.1 Create Authorization Policies

Single Sign-on uses the open standard Open Policy Agent (OPA) as the authorization policy engine to create, delete, and apply the authorization policies. Single Sign-on allows you to define attributes and values for users to provide authorizations to applications and appmarks. OPA allows you to do much more than our current use case. However, Single Sign-on does allow you to create OPA policies using Rego through code editors. Rego is the policy authoring language that OPA developed to create policies.

Single Sign-on allows you to create authorization policies using two different methods. The two different methods are:

10.2.2 Edit an Authorization Policy

Applications > Appmark or Application > Actions > Edit

Single Sign-on allows you to edit the authorizations policies that you have created. You edit the authorization policies when you edit an application or appmark.

To edit an authorization policy:

  1. On the Applications page, select the appropriate application or appmark that contains the authorization policies that you want to edit.

  2. Select Actions > Edit.

  3. Select Authorization Policies, then select Edit.

  4. Make the appropriate changes to the authorization policies, rule sets, and rules.

  5. After editing the rule sets, select Done.

  6. On the Authorization Policies panel, select Done to save your changes.

10.2.3 Delete an Authorization Policy

Applications > Appmark or Application > Actions > Authorization Policies > Delete

Single Sign-on allows you to delete authorization policies. However, an authorization policy must be disabled before you can delete it.

To delete an authorization policy:

  1. On the Applications page, select the application or appmark that contains the authorization policy that you want to delete.

  2. Select Actions > Edit.

  3. Select Authorization Policies, then select Edit.

  4. On the appropriate authorization policy, select the check to disable the authorization policy.

  5. Select Delete, then select Done to save the changes.