Create or edit an access control policy
In this topic, you will learn how to create and assign an access control policy in Portnox™ Cloud.
To understand what policies are in Portnox Cloud, which types of policies are available, and how they work together with accounts and groups, read the following topic: What are policies in Portnox Cloud?
- In the Cloud portal top menu, click the Policies option.
- In the right-hand pane, click the Create a new Policy link to create a new policy.
  Note: You can also click the Edit link on the right-hand side of the selected line that represents the policy. The creation and editing processes are almost the same.
- In the Access Control Policy Name field, enter the name for the new policy and, in the field below, enter an optional description.
  If you're editing the System Default Policy, you cannot change its name.
- On the left-hand side, select Wireless in the NETWORK TYPE field to configure policy rules for wireless networks.
  Each policy contains rules for all three network types. If you do not configure a specific network type, Portnox Cloud will use default settings for that network type.
- In the SUCCESSFUL AUTHENTICATION tab, define the rules for successful authentication for wireless networks:
  These rules will apply if the device authenticates successfully with Portnox Cloud and gains access to the network.
- In the AUTHENTICATION VIOLATION tab, define the rules for authentication violation for wireless networks:
  These rules will apply if the device fails to authenticate with Portnox Cloud for any reason.
- In the RISK POLICY VIOLATION tab, define the rules for risk policy violation for wireless networks. The configuration process is identical to the one for the AUTHENTICATION VIOLATION tab.
  These rules will apply if the device fails the assigned risk assessment policy. To create or edit a risk policy, see the following topic: Create or edit a risk assessment policy.
- In the BLOCKED BY ADMIN tab, define the rules for when the wireless device is blocked by the administrator. The configuration process is identical to the one for the AUTHENTICATION VIOLATION tab.
  These rules will apply if the Portnox Cloud administrator manually blocks the device on the Devices screen.
- In the NETWORK TYPE field, select the Wired option and repeat the steps above for wired networks.
  The configuration options for wired networks are identical to those for wireless networks.
- In the NETWORK TYPE field, select the VPN option and repeat the following steps for all tabs: SUCCESSFUL AUTHENTICATION, AUTHENTICATION VIOLATION, RISK POLICY VIOLATION, and BLOCKED BY ADMIN:
  The configuration options for VPNs are identical for all four tabs.
- To save your policy settings, click the Save policy changes button in the top right corner.
Result: You created or edited an access control policy. You can now assign this policy to groups.
To assign policies to groups, see the following topic: Assign policies to a group.