Policies
Configure policies to automate approvals, denials, and reviewer routing for access workflows.
Policies
Policies let administrators automate access decisions in BalkanID. You can use them to approve, deny, or route items based on defined conditions.
Policies help reduce manual review work. They also keep decisions consistent and auditable.
What a policy does
A policy is made up of ordered clauses. Each clause contains:
One or more conditions
One action to run when those conditions match
Policies are evaluated from top to bottom. The first matching clause wins.
Common uses include:
Auto-approving low-risk requests
Auto-denying restricted access
Routing requests to a specific reviewer
Open the Policies page
Sign in to BalkanID at
<yourdomain>.app.balkan.id.Go to Configure → Global Settings → Policies.
From this page, you can:
View existing policies
Check policy type and status
Create a new policy
Edit or deactivate a policy
Create a policy
Click Create Policy.
Select the policy type:
Purpose
Request
Enter the policy details:
Name
Description
Status
Priority for request policies
Use a clear name that reflects the outcome.
Add clauses and rules
Each policy contains one or more clauses. A clause defines when the policy applies and what happens next.
In the policy editor, you can:
Create a new rule inline
Reuse an existing saved rule
Rules are built from attributes such as:
User attributes like department, title, or employment type
Application or entitlement attributes
Purpose or request context
Clause order matters. Put the most specific clauses first. Put broader fallback clauses later.
Available actions
Auto-approve
Use this action when the matched request is low risk and does not need manual review.
The system approves the item automatically
No reviewer action is required
The action appears in audit history
Auto-deny
Use this action when the matched request should never proceed.
The system denies the item automatically
Unnecessary review cycles are avoided
The decision remains fully auditable
Auto-assign to reviewer
Use this action when ownership should be routed to a known reviewer or approval group.
The item is assigned automatically
Routing stays consistent
Escalation paths stay predictable
How policy evaluation works
When an item enters a policy-controlled workflow:
BalkanID evaluates the attached policy.
Clauses are checked in order.
The first matching clause runs its action.
If no clause matches, the item follows the default manual workflow.
Policies can be attached to:
Access request workflows
Purpose-based access flows
Audit and visibility
Policy-driven decisions are marked as system actions. BalkanID records the policy and rule that triggered the outcome.
You can review this information in audit logs and activity history. This makes policy behavior easier to validate and troubleshoot.
Best practices
Keep policy names specific and outcome-based
Put narrow rules before broad rules
Use auto-approve only for low-risk access
Use auto-deny for clearly prohibited access
Use auto-assignment when ownership is well defined
Start with inactive policies if you want to validate setup before rollout
For related workflows, see Access requests and Purposes.
Last updated
Was this helpful?