Add a new domain
Create one or more domains from the Domains page as follows:
Click + Add new in the upper right corner.
noteIf this is the first domain, start by clicking + Add domain.
Enter a unique name for your domain in the Name field.
Optionally, you can add details or some information about this domain in the Description field.
In the Policy entry point dropdown, select the main (root) policy assigned to the domain.
If no policies are detected, the dropdown is replaced by a text field. In this case, manually enter the Fully Qualified Name (FQN) of the root policy.
Optionally, from the relevant dropdown, select the attribute connectors you want to add in the authorization domain.
Once an attribute connector is selected, its type, the provided attribute(s), and the applied cache configuration for each provided attribute display directly below.
Optionally, in the Partial evaluation threshold field, you can set the number of individual requests a multiple-decision request must contain before the authorization engine attempts to optimize that specific request. Learn more in the Decision parameters sectionOpens in a new tab of the Access Decision Service (ADS) documentation.
noteBy default, multiple-decision requests are not optimized. To enable Partial evaluation, you must set a value of
2or higher.Click Add to finalize your domain.
A new entry for the domain you just created displays in the domains list.
Attribute connectors in the domain
Adding attribute connectors to the authorization domain enriches authorization decisions with dynamic, context-specific attributes, eliminating the need for hardcoding or data duplication. The authorization engine initialized with this domain will use the the related attribute connectors to connect to Policy Information Points (PIPs) and resolve the required attribute values.
This functionality is optional, as authorization domains can be configured with zero or more attribute connectors.