Policies are logical rules to maintain security and consistency within your Access Manager infrastructure. You can specify the following parameters for a policy:
Activation criteria
Deactivation criteria
Temporal constraints (such as time of day or subnet)
Identity constraints (such as user object attribute values)
Additional separation-of-duty constraints
Identity information can come from any identity source (an Identity Vault, or a directory) or from Access Manager’s Identity Server, which provides full SAML 2.0 support. Identity is available throughout the determination of rights and permissions.
This section includes the following topics: