Create First Policy

Create a policy that defines who can use self-service and when.

About Policies

Policies control:

• Who can use self-service (by group, OU)
• What actions are allowed (unlock, reset)
• When auto-approval happens (by risk score)

Create a Basic Policy

1. Navigate to Policies

1. In Admin Portal, go to Policies
2. Click Create Policy

2. Configure Basic Settings

3. Configure Scope

4. Configure Actions

5. Configure Risk Thresholds

6. Save Policy

Click Save to create the policy.

Example Policies

Policy 1: Regular Employees

name: Standard Users
target_ous:
  - "OU=Staff,OU=Users,DC=company,DC=local"
exclude_groups:
  - "Domain Admins"
actions:
  - unlock
  - reset_password
risk_thresholds:
  auto_approve: 30
  notify: 50
  manual_approve: 79
  block: 80

Policy 2: IT Staff (More Restrictive)

name: IT Staff
target_groups:
  - "IT Department"
exclude_groups:
  - "Domain Admins"
actions:
  - unlock
  - reset_password
risk_thresholds:
  auto_approve: 20
  notify: 30
  manual_approve: 50
  block: 60

Policy 3: Contractors (Unlock Only)

name: Contractors
target_ous:
  - "OU=Contractors,DC=company,DC=local"
actions:
  - unlock  # No password reset for contractors
risk_thresholds:
  auto_approve: 20
  notify: 30
  manual_approve: 40
  block: 50

Policy Evaluation Order

1. User makes request
2. System finds matching policies (by group/OU)
3. Most restrictive policy applies
4. Risk score calculated
5. Action taken based on thresholds

Next Step