Name

Specifies a unique name for the policy.

Enter a name for the policy.

Description

Describes the policy.

Enter a brief description for the policy.

Administrative Domain

Identifies the IP address, username, or MAC address data.

In a large network environment with several domains, a username, an IP address, or a MAC address could be duplicated. By entering the domain, you ensure that the correct user is identified.

Type the administrative domain for the session export policy. If you want different aspects of a user session to be exported with different administrative domains, you then create several export rules.

Roles

Determines the roles for which this policy should apply.

Select roles from the Non-members area and add the roles to the Members area.

Stop on match

Stops matching the roles when an IF-MAP client has successfully matched the roles selected for this policy to roles based on session-import policies configured on the target device.

Select this option to stop matching roles after a successful match is found.

Set IF-MAP Identity

Specifies the applicable identity.

Select this action and the identity options appear.

• Identity—Enter the identity name. Identity is normally specified as <Name>, which assigns the user’s login name. Any combination of literal text and context variables may be specified.
• Identity Type—Select the identity type. If you choose Other for Identity Type, enter a unique identity type in the text box.

Set IF-MAP Roles

Specifies the applicable roles.

Select this action and the following role options appear.

• Copy matching roles—Select this option to copy all of the user roles that match the roles specified in the Roles section of this policy into the IF-MAP roles data.
• Copy ALL roles—Select this option to copy all of the roles from the user session to the IF-MAP capabilities data.
• Set roles specified below—Select this option to set the specified roles. The Roles option appears. From Roles, click New and enter a specified role.

Set IF-MAP Capabilities

Specifies the applicable roles.

Select this action. When you select this action and the following role options appear.

• Copy matching roles—Select this option to copy all of the user roles that match the roles specified in the Roles section of this policy into the IF-MAP capabilities data.
• Copy ALL roles—Select this option to copy all of the roles from the user session to the IF-MAP roles data.
• Set capabilities specified below—Select this option to set the specified capabilities. The Capabilities option appears. From Capabilities, click New and enter a specified capability.

Set IF-MAP Device Attributes

Specifies a passed Host Checker policy on the Infranet Controller or SA appliance.

Select this action and the following options appear.

• Copy Host Checker policy names—Select this option to copy the name of each Host Checker policy that passed for the session to a device attribute.
• Set device attributes specified below—Select this option to set the specified device attributes. The Device Attributes option appears. From Device Attributes, click New and enter a specified device attribute.