Policy
Conditional-access policies -- IF (network, device, risk, time) THEN (allow | require MFA | block).
PolicyService manages conditional-access rules. A policy is a named conjunction of conditions (IP range, device compliance, user group, risk level, time of day) plus an effect (ALLOW, REQUIRE_MFA, BLOCK, REQUIRE_STEP_UP). The gateway's adaptive-MFA middleware and step-up paths consume these policies.
Base URL: https://<Domain id="api"/>
Authentication: Bearer token with policy:write (CRUD) or :read (list/get/simulate/evaluate).
Sub-sections
| Area | RPCs |
|---|---|
| CRUD | Get / List / Create / Update / Delete |
| Simulate & evaluate | SimulatePolicy (what-if), EvaluatePolicy (live decision) |
Policy shape
{
Condition types: user_group, organization, ip_range, network, device_compliance, risk_level, time_window, geo, authentication_method.
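The conjunction semantics described above can be modelled offline to sanity-check a rule set before it is created; this is an added example, not the service's code or schema. Only the condition type and effect names come from this page: the fields inside each condition, the risk values, the strictest-effect-wins rule and the BLOCK default are assumptions.

```python
import ipaddress
from datetime import time

# Effect names are from the page; the strictness ordering is an assumption.
STRICTNESS = ["ALLOW", "REQUIRE_MFA", "REQUIRE_STEP_UP", "BLOCK"]
RISK = ["low", "medium", "high"]  # hypothetical risk_level values
def _in_window(now, start, end):
    # A window such as 22:00-06:00 wraps past midnight.
    return start <= now < end if start <= end else (now >= start or now < end)
# One matcher per condition type; the fields inside each condition are hypothetical.
MATCHERS = {
    "ip_range": lambda c, ctx: any(
        ipaddress.ip_address(ctx["ip"]) in ipaddress.ip_network(n) for n in c["cidrs"]),
    "user_group": lambda c, ctx: bool(set(c["groups"]) & set(ctx["groups"])),
    "device_compliance": lambda c, ctx: ctx["device_compliant"] == c["compliant"],
    "risk_level": lambda c, ctx: RISK.index(ctx["risk"]) >= RISK.index(c["min"]),
    "time_window": lambda c, ctx: _in_window(
        ctx["now"], time.fromisoformat(c["start"]), time.fromisoformat(c["end"])),
}

def matches(policy, ctx):
    """A policy is a conjunction: every condition must hold."""
    for cond in policy["conditions"]:
        matcher = MATCHERS.get(cond["type"])
        if matcher is None:
            # Skipping an unknown type would silently widen the policy.
            raise ValueError(f"unsupported condition type: {cond['type']}")
        if not matcher(cond, ctx):
            return False
    return True

def decide(policies, ctx, default="BLOCK"):
    """Strictest effect among matching policies, else `default` (both assumptions)."""
    hits = [p["effect"] for p in policies if matches(p, ctx)]
    return max(hits, key=STRICTNESS.index) if hits else default

# Constructed sample policies and request context.
POLICIES = [
    {"name": "office-allow", "effect": "ALLOW", "conditions": [
        {"type": "ip_range", "cidrs": ["10.0.0.0/8"]},
        {"type": "device_compliance", "compliant": True}]},
    {"name": "night-admin-mfa", "effect": "REQUIRE_MFA", "conditions": [
        {"type": "user_group", "groups": ["admins"]},
        {"type": "time_window", "start": "22:00", "end": "06:00"}]},
    {"name": "high-risk-block", "effect": "BLOCK", "conditions": [
        {"type": "risk_level", "min": "high"}]},
]
CTX = {"ip": "10.1.2.3", "groups": ["admins"], "device_compliant": True,
       "risk": "low", "now": time(23, 30)}
```

Condition types from the list above that this sketch does not model (for example geo) raise an error instead of being treated as satisfied.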