PingAuthorize

Adding a named condition

Named conditions provide a way to reuse conditional logic across attributes and policies.

About this task

Named conditions can help provide consistency in authorization logic and minimize repetition throughout policies. You can use named conditions as components in more complicated condition expressions.

For example, consider a named condition that compares the account status received in a decision request to a status code to determine if the account is blocked. You can use this condition in multiple policies to check a user’s account status.

Screen capture of an example named condition named Account Blocked, comparing the Request.Account.Status and Policy.Constants.Block Status Code attributes

Steps

  1. Click Trust Framework and click the Conditions tab.

  2. Click the icon and select Add new Condition.

  3. Define general information for the named condition:

    1. Enter a unique Name for the condition.

    2. Optional: For Description, enter information that describes the condition’s purpose.

    3. Optional: To nest the condition under a parent in the tree, in the Parent list, select a parent condition.

      Nesting helps group related conditions together. You can move the condition to another location in the tree by selecting a different parent condition.

    To remove nesting, click the Delete icon and leave the Parent blank.

  4. To add a comparison to the condition, click Comparison.

    Screen capture of the condition builder

  5. Select an attribute to use in the comparison, select a comparator, and then enter a constant or click the C icon to select an attribute.

  6. To next a comparison under another comparison, click Group.

    Subgroups allow more permutations in comparisons. To remove nesting while keeping the comparison, click Ungroup.

  7. To add a named condition, click Named Condition, select a named condition, and then select is True or False.

  8. To combine multiple conditions, named conditions, or groups, select one of the following options.

    Choose from:

    • All: Invokes the condition when all of the conditions are true. If one condition evaluates to false, evaluation stops and the remaining conditions are not executed. This is like adding an AND Boolean operator between conditions.

    • Any: Invokes the condition when at least one of the conditions is true. If one condition evlautes to true, evaluation stops and the remaining conditions are not executed. This is like adding an OR Boolean operator between conditions.

    • None: Invokes the condition when none of the conditions are true. This like adding a NOT Boolean operator.

  9. Click Save Changes.

    You can copy a named condition for reuse by selecting Make Copy from the hamburger menu of that condition. If you copy a named condition with children, only the parent is duplicated. You cannot copy a named condition at its point of use in a rule or policy.