Guides
Log In
Guides

Steps 5–7: Identities, Supervision Roles, and Rules

Overview

This page describes steps 5–7 of the application configuration flow.

These steps are used when:

  • Creating a new application in advanced mode
  • Editing an existing application

This part of the flow includes:

  • Identities: Define who can access the application
  • Supervision Roles: Define who can approve, monitor, or audit access
  • Rules: Define how access is controlled using identities, conditions, and actions
📘

See Also:

Step 5: Identities

Define who can access the application.

Available options include:

  • None: No users can access the application
  • Anonymous identities: Anyone with the application URL can access it
  • Any authenticated identity: Any logged-in user can access the application
  • Specific identities: Only selected identities can access the application

When selecting Specific identities, you can choose from:

  • Users
  • Groups
  • API Keys

This section can also include options for publishing the application to the Application Marketplace.

Supervision Roles

Define supervisory access and session control.

See also Configuring Supervision.

Supervision enables additional control over user access and activity.

Roles include:

  • Approver: Can approve or deny access requests and terminate sessions
  • Active Supervisor: Can join sessions interactively and terminate them
  • Observer Supervisor: Can monitor sessions without interacting and terminate them
  • Auditor: Can replay recorded sessions

By default, supervision roles are inherited using Same as defined in Roles.
To assign roles directly to the application, clear this option.

Rules

Define rule-based access control for the application.

Rules determine whether and how users can access the application.

Each rule combines:

  • Identities
  • Conditions
  • Actions

Key behavior:

  • Rules are evaluated in order
  • Multiple rules can be defined
  • Rules can be reordered
  • Applications can inherit rules from categories
  • Default rules are created automatically based on the application type

Each rule can define:

  • Which identities it applies to
  • Which conditions must be met
  • Which actions are enforced

For detailed information about conditions and actions, see Policies.