Quick Overview

Policies in zAccess define the specific application access permissions that are granted to endpoint devices during login. A policy typically includes a list of allowed applications or application groups. Policies are not applied directly to endpoints—instead, they are activated through Rulesets that match specific conditions such as device identity, location, or network.

How to Use This Feature in the UI

1. Go to Policy Configuration > Policies.
2. Click ADD POLICY.
3. Enter a descriptive Policy Name (e.g., “Sales App Access” or “Contractor Restrictions”).
4. Choose from existing Apps or App Groups to define which resources the policy permits.
5. Click Save to finalize the policy.
6. To activate the policy, link it to a Ruleset that defines the conditions under which the policy should be applied to an endpoint.

Concepts & Use Cases

• Access Control Logic: Policies encapsulate the “what” of access—what apps a device/user is allowed to use.
• Modular Design: Policies are decoupled from rules so they can be reused across multiple conditional scenarios.
• Dynamic Access Assignment: zAccess applies policies automatically at login based on matched rulesets.
• Granular Enforcement: Different policies can be crafted for internal users, third-party contractors, executives, and remote workers.

Troubleshooting & FAQs

• Why isn’t a policy applying?
  Ensure a corresponding ruleset matches the endpoint’s context and links to the policy. Check for conflicting or overlapping rulesets.
• Can a device receive multiple policies?
  No. zAccess applies only the first matching policy based on ruleset order. Design your rules carefully for correct prioritization.
• Can policies be changed mid-session?
  Yes. zAccess reevaluates the session periodically and can switch policies if the endpoint context changes and a new ruleset applies.
• How do I test a new policy?
  Create a test ruleset with unique conditions and apply it to a test device or user to validate behavior without impacting production rules.