Creating Policy Sets and Policy Assignments

The following procedure provides information on how to create a policy set and apply a policy assignment.

To create a policy set and specify the policy assignment:

  1. Log in to Admin Portal.

  2. Click Access > Policies > Add Policy Set.

  3. Enter a name for the policy set.

    You can use uppercase and lowercase characters, spaces, numbers, and most special characters (you cannot, for example, use the forward and backward slash). The Name text box outline turns red if you enter an illegal character.

  4. Enter the Description you want to appear on the Admin Portal Policy page.

  5. Configure the Set policy to active option if necessary. This option is enabled by default.

  6. Specify the policy assignment:

    Policy settings available change based on what option you select here (i.e., Everything, Specified Roles, Sets). This is because only some policies are user specific, while almost all of them are non-user specific.

    • Everything

      Applies this policy to all users registered in Privileged Access Service and all resources added to the Privileged Access Service. The following is an example of the policies available:

    Apply Everything

    • Specified Roles

      Click Add to select the Roles (see Adding roles to configure roles in the Admin Portal) to which you want this policy applied. All current and subsequent policy settings apply to the roles selected. The following is an example of the policies available:

    Apply Sets

    • Sets

      Specify the set type (this applies to the following resource types: Account, Database, Domains, Secrets, SSH Keys, Systems) and then select or enter the sets to which you want to apply policy settings. This assumes you have already configured sets for the specified Set type. For information on creating sets for resources, see Managing sets.

    Only the policy settings that apply to the particular set are available for configuration. See the following example:

    Policy Set Example

    To configure the password rotation time and complexity:

    Password Rotation

    1. Click Accounts from the left menu.

    2. Scroll to Security Settings and set Enable periodic password rotation to Yes and enter the desired value for Password rotation interval (days).

    3. Select Add New Profile from the Password Complexity Profile dropdown menu.

    4. Read the Confirm password profile alert and click Continue.

    5. Complete the Password Complexity Profile information and click Save.

      Password Complexity

  7. Click Save.