Create a resource rule

When you build a resource rule, you create a graph. The following explains the terms used in the graph.

Node—The rectangle components in a graph.

Edge—The line that connects two nodes.

Handle—The connection point on a node where edges can be attached (the grey circle on the top or the bottom on the node).

Canvas—The empty space in the graph building area.

Settings—The configuration options for a node added to a resource rule graph. They appear on the side of the graph area when a node is selected.

The Side Bar appears at the side of your graph area.

The Side Bar includes the following icons:

Add button.

Click + to display the Task menu.  

Click  + again or click anywhere in the Canvas to hide the Task menu.

 The Task menu allows you to add the following nodes to your graph:

Access Filters

Authentication Context ReferencesAuthentication Context ReferencesConfigure to evaluate users with an ACR specified in their request. This resource rule can only be considered for matching ACR requirements. See Add Authentication Context References for more information. Available for SAML, OIDC and OAuth, Authentication API, and Identity as a Service applications.

Domain-based IdPDomain-based IdPConfigure to evaluate users that are associated with or not associated with a domain. This resource rule can only be considered for matching domain requirements. Available for the User, User Edit, and Administrator portals, and SAML and OIDC and OAuth applications.

GroupGroupSet the group of users that are evaluated based on the resource rule. This resource rule can only be considered for the matching group requirements.

Risk Factors (add the following Risk Factors)

Date/TimeDate/TimeConfigure allowed date ranges, time of day, and time zones. This risk factor applies to all applications, but it is is the only applicable risk factor for Entrust IdentityGuard Legacy applications.

Device VerificationDevice VerificationRequire a user to perform device verification. No configuration required. Not available for RADIUS applications.

ExternalExternalAdd External Risk Engines as a risk factor. See Manage external risk engines for more information. Available only for Authentication APIs and Identity as a Service OIDC and OAuth applications.

GeolocationGeolocationConfigure to allow or deny access from specific countries.

Source IP AddressSource IP AddressConfigure allowed or denied IP addresses.

Location HistoryLocation HistoryThe Risk-Based Authentication (RBA) settings of your Identity as a Service account define the location history. There is no additional configuration required. See Manage risk-based authentication settings for more information.

Machine AuthenticationMachine AuthenticationConfigure risk points for device fingerprint mismatches. This risk factor is not applicable to RADIUS applications.

TransactionTransactionUsed to set Transaction Condition settings.  Available for Identity as a Service, Authentication API, and OIDC and OAuth applications using JWT IDaaS grant types.

Travel velocityTravel velocityThe Risk-Based Authentication (RBA) settings of your Identity as a Service account define the travel velocity conditions. There is no additional configuration required. See Manage risk-based authentication settings for more information.

Logic Task—Configure the risk assessment.

Access EvaluationAccess EvaluationSet the access requirements users must meet to be able to access the resource.

Risk EvaluationRisk EvaluationSet the risk evaluation to determine a user's risk to allow or deny access to the protected resource.

Auth Task Result—Allow or deny access to the protected resource.

Allow Access

Deny Access

Tidy button—Click to improve the appearance of your graph.

Undo a change.

Redo a change

Error messages

No errors found

-or-

 Error detected

Click in the Canvas of the graph to display the General Settings.

Click a Node to display the settings for the node.

To Delete a node, select it in the graph and click Delete, or click the node to display the settings, and click the Delete icon in the settings panel.

To delete a risk factor, you can delete it from the graph or click the node to display the risk factor setting and click the Delete icon.

To hide the Task menu, click anywhere in the Canvas.

Click Save to save your changes..

As you add nodes to the resource rule, click the Tidy button to clean the graph and reduce the space it takes on the Canvas.

To add multiple nodes to a flow element, for example three different Risk Factors, click the Task menu and add them to the Canvas first before you arrange them and connect them with edges to the connecting node in the flow (either Start or Access Evaluation).

Hover over a node or the edge between two nodes to see the symbol and then click the add symbol to see the nodes that you can add to the node or between the two nodes.

For example, you added a Geolocation risk factor and connected it to the Start menu, but now you want to add a Group Access Control. Use the add button on the edge between Geolocation and Start to directly add an Access Filter node between them.