Create resource rules

When you build a resource rule, you create a graph. The following explains the terms used in the graph.

●       Node—The rectangle components in a graph.

●       Edge—The line that connects two nodes.

●       Handle—The connection point on a node where edges can be attached (the grey circle on the top or the bottom on the node).

●       Canvas—The empty space in the graph building area.

●       Settings—The configuration options for a node added to a resource rule graph. They appear on the side of the graph area when a node is selected.

The Side Bar appears at the side of your graph area.

The Side Bar includes the following icons:

●        Add button.

–  Click + to display the Task menu.  

–  Click  + again or click anywhere in the Canvas to hide the Task menu.

 The Task menu allows you to add the following nodes to your graph:

●       Access Filter

–  Authentication Context ReferencesConfigure to evaluate users with an ACR specified in their request.  This resource rule can be considered only for matching ACR requirements. See Add Authentication Context References for more information. Available for SAML, OIDC and OAuth, Authentication API, and Identity as a Service applications.

–  Domain-based IdPConfigured to evaluate users that are associated or not associated with a domain. This resource rule can only be considered for matching domain requirements. Available for the User, User Edit, and Administrator portals, and SAML and OIDC and OAuth applications.

–  GroupSet the group of users that are evaluated based on the resource rule. This resource rule can only be considered for matching group requirements.

●       Risk Factors (add the following Risk Factors)

–  Date/TimeConfigure allowed date ranges, time of day, and time zones. This risk factor applies to all applications, but it is the only applicable risk factor for Entrust IdentityGuard Legacy applications.

–  Device VerificationRequire a user to perform device verification. No configuration required. Not available for RADIUS applications.

–  ExternalAdd External Risk Engines as a risk factor. See Manage external risk engines for more information. Available only for Authentication APIs and Identity as a Service and OIDC and OAuth applications.

–  GeolocationConfigure to allow or deny access from specific countries.

–  Source IP AddressConfigure allowed or denied IP addresses.

–  Location HistoryThe Risk-Based Authentication (RBA) settings of your Identity as a Service account define the location history. There is no additional configuration required. See Manage risk-based authentication settings for more information.

–  Machine AuthenticationConfigure risk points for device fingerprint mismatches. This risk factor is not applicable to RADIUS applications.

–  TransactionUsed to set Transaction Condition settings. See Manage Transactions on the Create and manage resource rules page for more details about transactions. Available for Identity as a Service, Authentication API, and OIDC and OAuth applications using the JWT IDaas grant type.

–  Travel velocityThe Risk-Based Authentication (RBA) settings of your Identity as a Service account define the travel velocity conditions. There is no additional configuration required. See Manage risk-based authentication settings for more information.

●       Logic Task—Configure the risk assessment.

–  Access EvaluationSet the access requirements users must meet to be able to access the resource.

–  Risk EvaluationSet the risk evaluation to determine a user's risk to allow or deny access to the protected resource.

●       Auth Task Result—Allow or deny access to the protected resource.

–  Allow Access

–  Deny Access

●        Tidy button—Click to improve the appearance of your graph.

●       Undo a change.

●       Redo a change

●       Error messages

–   No errors found

-or-

–   Error detected

●       Click in the Canvas of the graph to display the General Settings.

●       Click a Node to display the settings for the node.

●       To Delete a node, select it in the graph and click Delete, or click the node to display the settings, and click the Delete icon in the settings panel.

●       To delete a risk factor, you can delete it from the graph or click the node to display the risk factor setting and click the Delete icon.

●       To hide the Task menu, click anywhere in the Canvas.

●       As you add nodes to the resource rule, click the Tidy button to clean the graph and reduce the space it takes on the Canvas.

●       To add multiple nodes to a flow element, for example three different Risk Factors, click the Task menu and add them to the Canvas first before you arrange them and connect them with edges to the connecting node in the flow (either Start or Access Evaluation).

●       Hover over a node or the edge between two nodes to see the symbol and then click the add symbol to see the nodes that you can add to the node or between the two nodes.

For example, you added a Geolocation risk factor and connected it to the Start menu, but now you want to add a Group Access Control. Use the add button on the edge between Geolocation and Start to directly add an Access Filter node between them.