Access Rules
Last updated
Last updated
Access Rules are useful for automatically granting Access Entities to users in a particular department, group, or location, for example. They can be checked and applied periodically to maintain accuracy of access entitlements and ensure your application licenses are optimally allotted.
Type: Type of check to apply before applying access to users
Simple: Run a simple filter condition against all users, and grant access to all users that match
Scripted: For each user, apply the script and return true/false if the access should be granted
Brute force mode: When disabled, all access requests are made via Catalog Items, and include all associated approvals and checks against Okta prior to granting access. When enabled, the Service Catalog and all approvals/checks are bypassed, immediately making the access request to Okta.
Run daily for all user: When enabled, this rule will run daily for all active users in ServiceNow.
Apply inverse: If enabled, access will be removed from users who do not match the rule. If disabled, the rule is only able to grant access, but not remove.
All Access Rules can be assessed for a specific user with:
A single Access Rule can be assessed for a specific user with:
If you wish to run Access Rules on demand, see the section below to .
Using Run daily for all users can result in a large computation load on ServiceNow and the Okta instance. If enabled, it is recommended that Brute force mode is enabled, and that Track assignment locally is enabled for all associated .
Access entities: that will be granted/removed by this Access Rule
