Access Rules

Access Rules enable automated access provisioning according to user attributes.

Access Rules are useful for automatically granting Access Entities to users in a particular department, group, or location, for example. They can be checked and applied periodically to maintain accuracy of access entitlements and ensure your application licenses are optimally allotted.

Access Rule
  • Type: The kind of check used to decide which users receive access

    • Simple: Run a simple filter condition against all users, and grant access to all users that match

    • Scripted: For each user, run the script, which returns true or false to indicate whether the access should be granted

  • Brute force mode: When disabled, all access requests are made via Catalog Items, and include all associated approvals and checks against Okta prior to granting access. When enabled, the Service Catalog and all approvals/checks are bypassed, immediately making the access request to Okta.

  • Run daily for all users: When enabled, this rule runs daily for all active users in ServiceNow.

By default, any Access Rule with Run daily for all users enabled is assessed once per day via the scheduled job Okta Orchestrator - Run Daily Access Rules.

If you wish to run Access Rules on demand, see Programmatically Applying Access Rules below.

  • Access entities: Access Entities that will be granted/removed by this Access Rule

  • Apply inverse: If enabled, access will be removed from users who do not match the rule. If disabled, the rule is only able to grant access, but not remove.
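
How Type, Brute force mode and Apply inverse combine is easiest to see by planning one run over a few users. The following is an added model, not code from the app: the record shapes, the field names (`filter`, `script`, `bruteForce`, `applyInverse`, `entitled`) and the rule that a user who already holds the access gets no new request are assumptions made for illustration.

```javascript
// Added model of a single Access Rule run; not the Okta Orchestrator implementation.
// Record shapes and field names are hypothetical stand-ins for the form fields.

// Simple rules filter on user attributes; Scripted rules call a per-user predicate.
function matches(rule, user) {
  if (rule.type === 'scripted') return rule.script(user) === true;
  return Object.entries(rule.filter).every(([key, value]) => user[key] === value);
}

// Plans the action for each user without calling Okta or ServiceNow.
function planRun(rule, users) {
  return users.map((user) => {
    const matched = matches(rule, user);
    const has = user.entitled === true; // assumed: current entitlement is known
    const plan = { user: user.name, action: 'none' };
    if (matched && !has) {
      plan.action = 'grant';
      // Brute force mode skips the Service Catalog and its approvals/checks.
      plan.path = rule.bruteForce ? 'direct-to-okta' : 'catalog-item';
      plan.approvals = !rule.bruteForce;
    } else if (!matched && has) {
      // Without Apply inverse the rule cannot remove, so the access stays.
      if (rule.applyInverse) plan.action = 'remove';
      else plan.stale = true;
    }
    return plan;
  });
}

// Constructed sample data, not taken from a real instance.
const sampleUsers = [
  { name: 'alice', department: 'Sales', entitled: false },
  { name: 'bob', department: 'Engineering', entitled: true }, // left Sales
  { name: 'carol', department: 'Sales', entitled: true },
];
const grantOnlyRule = {
  type: 'simple', filter: { department: 'Sales' },
  bruteForce: true, applyInverse: false,
};
const reviewedRule = {
  type: 'scripted', script: (u) => u.department === 'Sales',
  bruteForce: false, applyInverse: true,
};

console.log(planRun(grantOnlyRule, sampleUsers));
console.log(planRun(reviewedRule, sampleUsers));
```

With the grant-only rule, alice is granted access with no approvals and bob keeps access he no longer qualifies for; with the second rule, alice's grant goes through a Catalog Item and bob's access is removed.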

Programmatically Applying Access Rules

All Access Rules can be assessed for a specific user with:

var userSysId = '<user sys_id>'; // placeholder: sys_id of the user to assess
var ocHelper = new x_yala_okta_cat.OktaCatalogHelper();
ocHelper.processAccessRules(userSysId);

A single Access Rule can be assessed for a specific user with:

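var accessRuleSysId = '<access rule sys_id>'; // placeholder: sys_id of the Access Rule
var userSysId = '<user sys_id>'; // placeholder: sys_id of the user to assess
var ocHelper = new x_yala_okta_cat.OktaCatalogHelper();
ocHelper.processAccessRule(accessRuleSysId, userSysId);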
