PolicyUser
object
User information within a policy context
Unique identifier for the user
Example: 550e8400-e29b-41d4-a716-446655440000
Timestamp when the user was created
Example: 2023-01-15T14:30:00Z
Timestamp when the user was last updated
Example: 2023-01-15T14:30:00Z
Timestamp of the user’s last network connection
Example: 2023-01-15T14:30:00Z
User’s email address
Example: jane.smith@company.com
Current status of the user account
Example: ACTIVE
User’s first name
Example: Jane
User’s last name
Example: Smith
Whether this user is the owner of the account
Maximum number of devices allowed for this user
Example: 5
URL or path to the user’s profile image
Example: https://example.com/avatars/jane-smith.jpg
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"createdAt": "2023-01-15T14:30:00Z",
"updatedAt": "2023-01-15T14:30:00Z",
"lastConnection": "2023-01-15T14:30:00Z",
"email": "jane.smith@company.com",
"status": "ACTIVE",
"firstName": "Jane",
"lastName": "Smith",
"isOwner": false,
"maxDevices": 5,
"image": "https://example.com/avatars/jane-smith.jpg"
}
PolicyDevice
object
Device information within a policy context
Unique identifier for the device
Example: 550e8400-e29b-41d4-a716-446655440000
Timestamp when the device was created
Example: 2023-01-15T14:30:00Z
Timestamp when the device was last updated
Example: 2023-01-15T14:30:00Z
Human-readable name for the device
Example: John's MacBook Pro
Whether the device is currently active
Example: true
Timestamp of the device’s last network connection
Example: 2023-01-15T14:30:00Z
Current operational status of the device
Allowed values: Online, Offline, Deactivated
Example: Online
Unique hardware identifier for the device
Example: MAC-001122334455
Device posture information and compliance status
Example: {"compliant":true,"lastCheck":"2023-01-15T14:30:00Z"}
Version of the client application running on the device
Example: 1.2.3
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"createdAt": "2023-01-15T14:30:00Z",
"updatedAt": "2023-01-15T14:30:00Z",
"name": "John's MacBook Pro",
"active": true,
"lastConnection": "2023-01-15T14:30:00Z",
"status": "Online",
"hardwareId": "MAC-001122334455",
"posture": {
"compliant": true,
"lastCheck": "2023-01-15T14:30:00Z"
},
"appVersion": "1.2.3"
}
PolicyResource
object
Resource information within a policy context
Unique identifier for the resource
Example: 550e8400-e29b-41d4-a716-446655440000
Timestamp when the resource was created
Example: 2023-01-15T14:30:00Z
Timestamp when the resource was last updated
Example: 2023-01-15T14:30:00Z
Human-readable name for the resource
Example: Internal Web Server
Type of the network resource
Allowed values: PRIVATE, SAAS, INTERNET
Example: PRIVATE
Load balancing configuration for this resource
Allowed values: MANUAL, AUTOMATIC
Default: MANUAL
Example: MANUAL
Detailed description of the resource’s purpose
Example: Internal web server for company applications
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"createdAt": "2023-01-15T14:30:00Z",
"updatedAt": "2023-01-15T14:30:00Z",
"name": "Internal Web Server",
"type": "PRIVATE",
"loadBalancingMode": "MANUAL",
"description": "Internal web server for company applications"
}
Policy
object
Access policy defining who can access what resources under what conditions
Unique identifier for the policy
Timestamp when the policy was created
Timestamp when the policy was last modified
Human-readable name for the policy
Whether this policy allows (true) or denies (false) access
Priority order for policy evaluation (lower numbers are evaluated first)
Whether this is a default policy that applies to all entities
Type of resources this policy applies to
Allowed values: PRIVATE, SAAS, INTERNET, SITETOSITE
Access mode for this policy
Allowed values: LOCAL, RESTRICTED, REMOTE
Whether this policy applies to all groups
Default: false
Whether this policy applies to all users
Default: false
Whether this policy applies to all devices
Default: false
Whether this policy applies to all resources
Default: false
Group information within a policy context
Example: {"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","name":"Engineering Team","description":"Team responsible for software development and engineering","maxDevices":10,"isSamlDefaultGroup":false,"idpMapping":["engineering-team","dev-team"]}
User information within a policy context
Example: {"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","lastConnection":"2023-01-15T14:30:00Z","email":"jane.smith@company.com","status":"ACTIVE","firstName":"Jane","lastName":"Smith","isOwner":false,"maxDevices":5,"image":"https://example.com/avatars/jane-smith.jpg"}
Device information within a policy context
Example: {"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","name":"John's MacBook Pro","active":true,"lastConnection":"2023-01-15T14:30:00Z","status":"Online","hardwareId":"MAC-001122334455","posture":{"compliant":true,"lastCheck":"2023-01-15T14:30:00Z"},"appVersion":"1.2.3"}
Resource information within a policy context
Example: {"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","name":"Internal Web Server","type":"PRIVATE","loadBalancingMode":"MANUAL","description":"Internal web server for company applications"}
Network gateway configuration and status information
Source IP addresses or ranges this policy applies to
Complete admission rule information with configuration and metadata
Example: {"id":"550e8400-e29b-41d4-a716-446655440000","name":"Engineering Department Access","type":"ALLOW","rule":"user.department == 'Engineering'","hasTimeConstraint":false,"createdAt":"2023-01-15T10:30:00Z","updatedAt":"2023-01-15T10:30:00Z"}
Detailed description of the policy’s purpose and scope
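An added example, not part of the original reference or the vendor's code: a review script that walks Policy objects in evaluation order and reports allow policies with wildcard scope or with attached devices that are inactive, deactivated or non-compliant. The sample policies are constructed, and the posture key compliant is taken from the page's example value, which is assumed to be the general shape.

```python
import json

# Constructed sample shaped like the Policy object on this page (not real data).
SAMPLE = json.loads("""[
 {"name": "Legacy laptops", "action": true, "order": 3, "allDevices": false,
  "devices": [{"name": "Old laptop", "active": false, "status": "Deactivated",
               "posture": {"compliant": false}}]},
 {"name": "Everyone everywhere", "action": true, "order": 1, "allGroups": true,
  "allUsers": true, "allDevices": true, "allResources": true, "devices": []},
 {"name": "Block contractors", "action": false, "order": 2, "allUsers": true}
]""")

WILDCARDS = ("allGroups", "allUsers", "allDevices", "allResources")

def audit_policy(policy):
    """Return findings for one Policy object; only allow policies are reviewed."""
    if policy.get("action") is not True:
        return []
    findings = []
    wide = [flag for flag in WILDCARDS if policy.get(flag) is True]
    if {"allUsers", "allDevices", "allResources"} <= set(wide):
        findings.append("allows all users, all devices and all resources")
    elif wide:
        findings.append("allow policy uses wildcard flags: " + ", ".join(wide))
    for dev in policy.get("devices") or []:
        problems = []
        if dev.get("active") is False:
            problems.append("inactive")
        if dev.get("status") == "Deactivated":
            problems.append("status Deactivated")
        # "compliant" is the key shown in the page's posture example (assumed shape).
        if (dev.get("posture") or {}).get("compliant") is False:
            problems.append("posture non-compliant")
        if problems:
            findings.append(f"device {dev.get('name')!r}: " + ", ".join(problems))
    return findings

def audit(policies):
    """Walk policies in evaluation order (lower 'order' first) and collect findings."""
    ordered = sorted(policies, key=lambda p: p.get("order", 0))
    return [(p["order"], p["name"], f) for p in ordered for f in audit_policy(p)]

if __name__ == "__main__":
    for order, name, finding in audit(SAMPLE):
        print(f"[order {order}] {name}: {finding}")
```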
{
"id": "id",
"createdAt": "createdAt",
"updatedAt": "updatedAt",
"name": "name",
"action": false,
"order": 0,
"isDefault": false,
"type": "PRIVATE",
"mode": "LOCAL",
"allGroups": false,
"allUsers": false,
"allDevices": false,
"allResources": false,
"groups": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"createdAt": "2023-01-15T14:30:00Z",
"updatedAt": "2023-01-15T14:30:00Z",
"name": "Engineering Team",
"description": "Team responsible for software development and engineering",
"maxDevices": 10,
"isSamlDefaultGroup": false,
"idpMapping": [
"engineering-team",
"dev-team"
]
}
],
"users": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"createdAt": "2023-01-15T14:30:00Z",
"updatedAt": "2023-01-15T14:30:00Z",
"lastConnection": "2023-01-15T14:30:00Z",
"email": "jane.smith@company.com",
"status": "ACTIVE",
"firstName": "Jane",
"lastName": "Smith",
"isOwner": false,
"maxDevices": 5,
"image": "https://example.com/avatars/jane-smith.jpg"
}
],
"devices": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"createdAt": "2023-01-15T14:30:00Z",
"updatedAt": "2023-01-15T14:30:00Z",
"name": "John's MacBook Pro",
"active": true,
"lastConnection": "2023-01-15T14:30:00Z",
"status": "Online",
"hardwareId": "MAC-001122334455",
"posture": {
"compliant": true,
"lastCheck": "2023-01-15T14:30:00Z"
},
"appVersion": "1.2.3"
}
],
"resources": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"createdAt": "2023-01-15T14:30:00Z",
"updatedAt": "2023-01-15T14:30:00Z",
"name": "Internal Web Server",
"type": "PRIVATE",
"loadBalancingMode": "MANUAL",
"description": "Internal web server for company applications"
}
],
"gateways": [
{
"id": "id",
"createdAt": "createdAt",
"updatedAt": "updatedAt",
"name": "name",
"description": "description",
"wireguardPort": "wireguardPort",
"status": "PENDING",
"error": "error",
"token": "token",
"lastOnline": "lastOnline",
"relayEnabled": false,
"endpoint": "endpoint",
"autoDiscoverEndpoint": false,
"resources": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "Internal Web Server"
}
]
}
],
"sourceIps": [
"[]"
],
"rule": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "Engineering Department Access",
"type": "ALLOW",
"rule": "user.department == 'Engineering'",
"hasTimeConstraint": false,
"createdAt": "2023-01-15T10:30:00Z",
"updatedAt": "2023-01-15T10:30:00Z"
},
"description": "description"
}
UpdatePolicy
object
Data for updating an existing access policy
Array of group IDs to apply this policy to
Example: 550e8400-e29b-41d4-a716-446655440000
Array of user IDs to apply this policy to
Example: 550e8400-e29b-41d4-a716-446655440001
Array of device IDs to apply this policy to
Example: 550e8400-e29b-41d4-a716-446655440002
Array of gateway IDs to apply this policy to
Example: 550e8400-e29b-41d4-a716-446655440004
Array of resource IDs to apply this policy to
Example: 550e8400-e29b-41d4-a716-446655440003
Admission rule ID for this policy
Example: 550e8400-e29b-41d4-a716-446655440005
Human-readable name for the policy
Example: Engineering Team Access
Detailed description of the policy’s purpose and scope
Example: Allows engineering team to access development resources
Whether this policy applies to all groups
Default: false
Whether this policy applies to all users
Default: false
Whether this policy applies to all devices
Default: false
Whether this policy applies to all resources
Default: false
Array of source IP addresses or ranges
Example: 192.168.1.0/24, 10.0.0.0/8
Access mode for this policy
Allowed values: LOCAL, RESTRICTED, REMOTE
Example: LOCAL
Whether this policy allows (true) or denies (false) access
Example: true
{
"name": "Engineering Team Access",
"description": "Allows engineering team to access development resources",
"mode": "LOCAL",
"action": true,
"allGroups": false,
"allUsers": false,
"allDevices": false,
"allResources": false,
"groups": [
"550e8400-e29b-41d4-a716-446655440000"
],
"rule": "550e8400-e29b-41d4-a716-446655440005"
}
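An added example, not part of the original reference or the vendor's client: a pre-flight check for an UpdatePolicy body that rejects mistyped modes, string booleans, non-canonical IDs and malformed source ranges before the request is sent. The field names users, devices, gateways, resources and sourceIps are assumed to match the Policy object, since the UpdatePolicy sample above shows only groups and rule.

```python
import ipaddress
import uuid

MODES = {"LOCAL", "RESTRICTED", "REMOTE"}  # allowed values listed on this page
BOOL_FIELDS = ("action", "allGroups", "allUsers", "allDevices", "allResources")
# Assumption: ID arrays use the same names as the Policy object's arrays.
ID_LISTS = ("groups", "users", "devices", "gateways", "resources")

def _is_uuid(value):
    """True only for the canonical hyphenated form used in the page's examples."""
    try:
        return isinstance(value, str) and str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False

def validate_update_policy(body):
    """Return a list of problems found in an UpdatePolicy request body."""
    errors = []
    if "mode" in body and body["mode"] not in MODES:
        errors.append(f"mode: {body['mode']!r} is not one of {sorted(MODES)}")
    for flag in BOOL_FIELDS:
        # A string such as "false" is truthy in many languages; insist on a real boolean.
        if flag in body and not isinstance(body[flag], bool):
            errors.append(f"{flag}: expected a boolean, got {type(body[flag]).__name__}")
    for field in ID_LISTS:
        for item in body.get(field, []):
            if not _is_uuid(item):
                errors.append(f"{field}: {item!r} is not a canonical UUID")
    if "rule" in body and not _is_uuid(body["rule"]):
        errors.append(f"rule: {body['rule']!r} is not a canonical UUID")
    for cidr in body.get("sourceIps", []):  # assumed field name, see lead-in
        try:
            # strict=True rejects ranges with host bits set, e.g. 192.168.1.5/24
            ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            errors.append(f"sourceIps: {exc}")
    return errors

# The UpdatePolicy sample from this page, followed by a constructed bad request.
PAGE_SAMPLE = {"name": "Engineering Team Access", "mode": "LOCAL", "action": True,
               "allGroups": False, "groups": ["550e8400-e29b-41d4-a716-446655440000"],
               "rule": "550e8400-e29b-41d4-a716-446655440005"}
BAD_SAMPLE = {"mode": "local", "action": "true",
              "groups": ["550e8400e29b41d4a716446655440000"],
              "sourceIps": ["192.168.1.5/24", "10.0.0.0/8"]}

if __name__ == "__main__":
    for problem in validate_update_policy(BAD_SAMPLE):
        print(problem)
```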