Create Policies
Policies are what grant users access to Resources.
To define a Policy, go to Policies -> Add Policy
.
Policies define a single Group's access to a single Resource.
Note: To preserve audit trails, Policy details cannot be changed once a Policy is created. Double-check to ensure the Group, Resource, and/or conditions are correct before creating the Policy.
Conditional access policies
On Team and higher plans, you may restrict access further based on the below conditions.
Client location
Restrict access only to Clients connecting from specific countries. When this is specified, the Client's IP address will be used to lookup the country of origin.
Client IP address or CIDR
Restrict access to a specific IP address or range of Client IP addresses.
Identity provider
Restrict access based on the authentication provider that was used to authenticate the Client.
Time of day
Restrict access to certain time windows throughout the week based on the 24hr time and specified time zone.
The time zone determines the offset used when determining whether to allow
access for a particular Client. For example, if you specify a time window of
08:00-17:00
and time zone of Eastern
, Clients in the Pacific
timezone 3
hours behind will be allowed access from 05:00-14:00
Eastern time.
Need additional help?
See all support options or try asking on one of our community-powered support channels:
- Discussion forums: Ask questions, report bugs, and suggest features.
- Discord server: Join discussions, meet other users, and chat with the Firezone team
- Email us: We read every message.