Managing IAG client endpoint policies
Applies To: Intelligent Application Gateway (IAG)
This topic describes how you create, edit, and remove policies and expressions on IAG.
For information about IAG endpoint policies, including where in IAG you assign policies, see Planning for IAG client endpoint policies.
Managing policies
This section provides instructions on how you create, edit, and remove policies.
To create policies
In an area where you assign policies, click Manage Policies.
On the Manage Policies and Expressions dialog box, under Components, select Policies, and then click Add Policy.
On the Policy Editor dialog box, take the following steps:
In the Name box, enter the policy name.
In the Explanatory text added to "Access Denied" message provided to the end user box, you can enter text that will be displayed to users in the message that they receive if their computer does not comply with the policy.
If you want to create a policy from platform-specific policies, click the Create a policy from platform-specific policies button.
If you want to create a policy from expressions, click the Create a policy from expressions button. If you select this option, then skip to step 5.
On the Policy Editor dialog box, under Select platform-specific policies, take the following steps:
In each of the lists next to Windows, Mac OS, and Linux, select a platform-specific policy; if you need to create new platform-specific policies or to edit existing platform-specific policies, see Managing IAG platform-specific endpoint policies.
In the list next to Other, select the policy that applies to endpoint devices that run platforms other than Windows, Mac OS, or Linux.
If you want to allow access to internal sites and applications, select Always.
If you want to block access to internal sites and applications, select Never.
After you select policies for all the available platforms, on the Policy Editor dialog box, click OK, and then on the Manage Policies and Expressions dialog box, click Close.
If you select to create the policy from expressions, on the Policy Editor dialog box, under Select expressions, in the Available expressions list, select the expression or expressions that you want to use in this policy, and then click the right arrow button; if you need to create new expressions or edit existing expressions, see Managing expressions. When all the expressions that compose the policy appear in the Selected expressions list, on the Policy Editor dialog box, click OK, and then on the Manage Policies and Expressions dialog box, click Close.
To edit policies
In an area where you assign policies, click Manage Policies.
On the Manage Policies and Expressions dialog box, under Components, under Policies, select the policy you want to edit, and then click Edit Policy.
On the Policy Editor dialog box, make the necessary changes.
Note
Policy name cannot be modified for default predefined policies, but for user-defined policies, it can be modified at any time.
System-defined policies come with standard explanatory text. If you change the policy, make sure that you also change the explanatory text so that it reflects the new or revised functionality.On the Policy Editor dialog box, click OK, and then on the Manage Policies and Expressions dialog box, click Close.
To remove a policy
In an area where you assign policies, click Manage Policies.
On the Manage Policies and Expressions dialog box, under Components, under Policies, select the policy you want to remove, and then click Remove.
Note
You can only remove user-defined policies; you cannot remove system-defined policies.
On the Manage Policies and Expressions dialog box, click Close.
Managing expressions
This section provides instructions on how you create, edit, and remove expressions.
To create expressions
In an area where you assign policies, click Manage Policies.
On the Manage Policies and Expressions dialog box, under Components, select Expressions, and then click Add Expression.
On the Expression Editor dialog box, take the following steps:
In the Name box, enter the expression name.
In each of the lists next to Windows, Mac OS, and Linux, select a predefined platform-specific expression. If you need to create new platform-specific expressions or to edit existing platform-specific expressions, see "Managing platform-specific expressions" in Managing IAG platform-specific endpoint policies.
In the list next to Other, select the expression that applies to endpoint devices that run platforms other than Windows, Mac OS, or Linux.
If you want to allow access to internal sites and applications, select Always.
If you want to block access to internal sites and applications, select Never.
After you select expressions for all the available platforms, on the Expression Editor dialog box, click OK, and then on the Manage Policies and Expressions dialog box, click Close.
To edit expressions
In an area where you assign policies, click Manage Policies.
On the Manage Policies and Expressions dialog box, under Components, expand Expressions, select the expression you want to edit, and then click Edit Expression.
On the Expression Editor dialog box, make the necessary changes.
Note
Expression name cannot be modified for default predefined expressions, but for user-defined expressions, it can be modified at any time.
On the Expression Editor dialog box, click OK, and then on the Manage Policies and Expressions dialog box, click Close.
To remove an expression
In an area where you assign policies, click Manage Policies.
For more information about where you assign policies, see Managing client endpoint policies_IAG.
On the Manage Policies and Expressions dialog box, under Components, expand Expressions, select the expression you want to remove, and then click Remove.
Note
You can only remove user-defined expressions; you cannot remove system-defined expressions.
On the Manage Policies and Expressions dialog box, click Close.