Enforcing Access Control
You can enforce access control rules for specific users and groups. The process includes three stages:
- Adding users to the policy
- Adding user groups to the policy
- Installing the policy
To get policy enforcement for users and groups:
In the Policy menu, click Access Control, and then click Internet Access or Network Access to access the policy Rule Base.
- In Access Control, click (+) in the Source column to add a New User.
  - You can load users automatically from your Identity Provider or add them manually.
    See Feature Support for which Identity Providers allow automatic synchronization of users and groups.
    - For Identity Providers that support automatic sync, click User and Groups.
      The User and Groups window opens with users loaded as they are defined in the Identity Provider account.
      Select each user that you want to add to the policy.
    - For Identity Providers that do not support automatic sync, click New User to add the users manually.
      An Add User window opens.
      The Name is the user's full name.
      The User Name should be the unique identifier of the user. In most Identity Providers (Microsoft Entra ID (formerly Azure AD), Microsoft ADFS, Okta, and PingID) this is the user's email.
      Make sure that this case-sensitive User Name appears in the Identity Provider account.
  - Click Add.
- To add a Group to the policy, click (+) in the Source column.
  - You can load groups automatically from your Identity Provider or add them manually.
    - For Identity Providers that support automatic sync, click User and Groups.
      The User and Groups window opens with groups loaded as they are defined in the Identity Provider account.
      Select each group that you want to add to the policy.
    - For Identity Providers that do not support automatic sync, click New Group to add the groups manually.
      An Add Group window opens.
      Enter the group Name and Group Identifier.
      The Group Identifier is the ID or the name of the user group as seen at your Identity Provider.

      | Identity Provider | Group Identifier |
      |---|---|
      | Microsoft AD FS | Group GUID |
      | OneLogin | Group Name |
      | Generic | As per the Identity Provider. |

      Make sure that the same Group Identifier appears in the Identity Provider account.
  - Click Add.
After you add all Users and Groups:
- From the left navigation panel, click Policy.
- From the top toolbar, click Install Policy.
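
A manually typed User Name or Group Identifier must match the Identity Provider value exactly, so it is worth checking the entries before you install the policy. The script below is an added example, not part of the product or this documentation. It assumes you have exported user names and groups from your Identity Provider into Python lists; the function names, the export shape and the sample data are hypothetical.

```python
import re

# Identifier kind expected per Identity Provider, taken from the table above.
EXPECTED_KIND = {"Microsoft AD FS": "guid", "OneLogin": "name"}
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def check_entry(value, idp_values):
    """Classify one manually typed policy value against the IdP's values."""
    if value in idp_values:
        return "ok"
    if value.strip() in idp_values:
        return "stray-whitespace"
    folded = {v.casefold(): v for v in idp_values}
    if value.strip().casefold() in folded:
        return "case-mismatch (IdP has %r)" % folded[value.strip().casefold()]
    return "not-in-idp"


def check_users(policy_user_names, idp_user_names):
    """Map each policy User Name to its match status in the IdP export."""
    return {u: check_entry(u, set(idp_user_names)) for u in policy_user_names}


def check_groups(policy_group_ids, idp_groups, idp_type):
    """idp_groups: list of {"guid": ..., "name": ...} dicts from the IdP export."""
    kind = EXPECTED_KIND.get(idp_type)  # None for "Generic": accept either field
    results = {}
    for gid in policy_group_ids:
        if kind == "guid" and not GUID_RE.match(gid.strip()):
            results[gid] = "expected-group-guid"
            continue
        fields = [kind] if kind else ["guid", "name"]
        valid = {g[f] for g in idp_groups for f in fields if g.get(f)}
        results[gid] = check_entry(gid, valid)
    return results


# Constructed sample data (not from a real tenant).
IDP_USERS = ["Alice.Smith@example.com", "bob@example.com"]
IDP_GROUPS = [{"guid": "3f2b8c1e-9a4d-4e7b-b1c2-5d6e7f809a1b", "name": "Finance"}]

if __name__ == "__main__":
    print(check_users(["alice.smith@example.com", "bob@example.com "], IDP_USERS))
    print(check_groups(["Finance"], IDP_GROUPS, "Microsoft AD FS"))
```

Any result other than "ok" points to an entry that will not line up with the Identity Provider account and should be corrected in the Add User or Add Group window.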