Create Policies
Policies are what grant users access to Resources.
To define a Policy, go to Policies -> Add Policy
.
Policies define a single Group's access to a single Resource.
Note: To preserve audit trails, Policy details cannot be changed once a Policy is created. Double-check to ensure the Group, Resource, and/or conditions are correct before creating the Policy.
Conditional access policies
On Team and higher plans, you may restrict access further based on the below conditions.
Client location
![Client location](/_next/image?url=%2Fimages%2Fkb%2Fdeploy%2Fpolicies%2Fclient_location.png&w=1200&q=75)
Restrict access only to Clients connecting from specific countries. When this is specified, the Client's IP address will be used to lookup the country of origin.
Client IP address or CIDR
![Client IP address or CIDR](/_next/image?url=%2Fimages%2Fkb%2Fdeploy%2Fpolicies%2Fclient_ip.png&w=1200&q=75)
Restrict access to a specific IP address or range of Client IP addresses.
Identity provider
![Identity provider](/_next/image?url=%2Fimages%2Fkb%2Fdeploy%2Fpolicies%2Fclient_idp.png&w=1200&q=75)
Restrict access based on the authentication provider that was used to authenticate the Client.
Need additional help?
See all support options or try asking on one of our community-powered support channels:
- Discussion forums: Ask questions, report bugs, and suggest features.
- Discord server: Join discussions, meet other users, and chat with the Firezone team
- Email us: We read every message.