Updating a Sign-On Policy
Update a sign-on policy in an identity domain in IAM.
You can make the following changes to a sign-on policy:
-
Edit the name or description of the policy
-
Add, remove, edit, or change the priority of sign-on rules for the policy
-
Add or remove apps for the policy
Policy changes might require a few minutes to propagate to other regions.
To change a sign-on policy, follow these steps:
-
To add, remove, edit, or change the priority of sign-on rules for the policy,
under Resources, select Sign-on
rules.
- To add a rule to the policy, select Add sign-on rule and provide the required values. For a description of the fields, see Adding a Rule to a Sign-On Policy.
- To edit a rule, select the Actions menu (
) for the rule and
select Edit sign-on rule. Make your edits. For a description of the
fields, see Adding a Rule to a Sign-On Policy. - To remove a rule, select the checkbox for the rule in the table, select Remove sign-on rule, and then confirm the deletion.
-
To change the priority of the rules, select Edit priority and then select the up or down arrow next to the rule to move it to the position in the listed order that you want the rule applied.
For example, if the sign-on rule is listed fourth, and you want the identity domain to evaluate it first, select the up arrow next to the rule until it's at the top of the list. That sign-on rule now has a priority of 1, and the rule that was listed first now has a priority of 2.