Configure Device verification policies in OpenAM

This topic has 1 reply, 2 voices, and was last updated 4 years, 4 months ago by Scott Heger.

  • #21338
     Nav
    Participant

    Hi Everyone,

    I have configured the “DeviceIDMatch” and “DeviceIdSave” modules in my authentication chain which is registering the devices if they didn’t match earlier. But can we configure the policies on this device data collected during the registrations as given below?

    Can we configure the access policies around this device data like “Devices with only MacOS 10.13.3 issued by corporate can only access the resource”? How can this be achieved with OpenAM?

    Thanks,
    Nav

    #21364
     Scott Heger
    Participant

    I would probably write a scripted policy condition script that pulls the saved DeviceID from the user’s profile and parses through it to look for whatever is needed to make a decision. It would then return authorized = true or false depending on what it finds. You would include this script in a policy as an environment condition. See https://backstage.forgerock.com/docs/am/5.5/authorization-guide/#sec-scripted-policy-condition for more details.
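
An added example of the decision logic such a scripted policy condition could use; it is not part of the reply above and is not ForgeRock's code. It assumes the saved device profiles are JSON strings in a `devicePrintProfiles` attribute, each with a `devicePrint.userAgent` field, and that the script bindings `identity` and `authorized` are available inside AM; the function names and sample profile are constructed for illustration.

```javascript
// Added example: decision logic for a scripted policy condition.
// ASSUMPTIONS (not from the thread): profiles are JSON strings in the
// "devicePrintProfiles" attribute, each carrying devicePrint.userAgent.
// userAgent is reported by the browser, so treat it as a weak signal.

// Constructed sample profile (not real data) for running outside AM.
var SAMPLE = ['{"name":"laptop","devicePrint":{"userAgent":' +
              '"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3)"}}'];

// Extract "10.13.3" from e.g. "... Intel Mac OS X 10_13_3) ..."; null if absent.
function macOsVersion(userAgent) {
  var m = /Mac OS X (\d+)[._](\d+)(?:[._](\d+))?/.exec(String(userAgent || ""));
  if (!m) { return null; }
  return m[3] === undefined ? m[1] + "." + m[2] : m[1] + "." + m[2] + "." + m[3];
}

// True only if at least one saved profile parses cleanly and reports
// exactly requiredVersion. Missing or malformed data fails closed.
function deviceAuthorized(profileStrings, requiredVersion) {
  if (!profileStrings || profileStrings.length === 0) { return false; }
  for (var i = 0; i < profileStrings.length; i++) {
    var profile;
    try {
      profile = JSON.parse(String(profileStrings[i]));
    } catch (e) {
      continue; // an unparseable entry never grants access
    }
    var print = profile && profile.devicePrint;
    if (print && macOsVersion(print.userAgent) === requiredVersion) {
      return true;
    }
  }
  return false;
}

// Wiring inside AM (assumed bindings: identity, authorized). Skipped elsewhere.
if (typeof identity !== "undefined") {
  var saved = identity.getAttribute("devicePrintProfiles").toArray();
  authorized = deviceAuthorized(saved, "10.13.3");
}
```

This evaluates the profiles saved for the user, not the device that opened the current session, and a user agent without a patch version (for example `Mac OS X 10.13`) does not satisfy a `10.13.3` requirement.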
