Policies
Policies Configuration Guide
Overview
Policies in BalkanID enable administrators to automate access decisions by defining conditions and actions that are evaluated consistently across access requests, purpose-based access. Using policies, admins can automatically approve, deny, or route access to specific reviewers, reducing manual effort while maintaining strong governance and auditability.
This guide walks through the end-to-end process of creating and managing policies, explains supported actions, and illustrates how policies are evaluated.
What Are Policies?
A policy is a structured set of rules evaluated in a top-down order. Each rule defines when the policy applies, and each clause defines what action should be taken when a rule matches.
Policies are commonly used to:
Auto-approve low-risk access
Auto-deny restricted or non-compliant access
Assign access requests to specific reviewers based on conditions
Accessing the Policies Page
Log in to BalkanID
<yourdomain>.app.balkan.idNavigate to Configure → Global Settings → Policies
On the Policies page, administrators can:
View all existing policies
See policy type and status (Active / Inactive)
Create new policies
Edit or de-activate existing policies
Creating a New Policy
Step 1: Start Policy Creation
Click Create Policy on the Policies page
Select the Policy Type (Purpose / Request)
Enter basic details:
Policy name
Description
Status (Active or Inactive)
Priority (only for 'Request' type Policies)
Defining Policy Clauses
Policies are evaluated top-down, meaning the first matching clause determines the action.
Each clause consists of:
One or more conditions (rules)
An action to take when conditions match
The UI presents clauses in a clear, ordered format inspired by modern feature-flag tools, making complex logic easy to understand and manage.
Creating or Selecting Rules
Within the policy editor, admins can:
Create a new rule inline, or
Select an existing rule from saved rules
Rules are defined using a visual filter builder based on attributes such as:
User attributes (job title, department, employment type)
Application or entitlement attributes
Access purpose or campaign context
All required fields are validated before saving.
Supported Policy Actions
Policies support the following actions:
Auto-Approve
When conditions match, the access request or review item is automatically approved by the system.
No reviewer involvement required
Recorded as a system action
Visible in audit logs and activity history
Auto-Deny
When conditions match, the access request or review item is automatically denied.
Prevents unnecessary review cycles
Recorded as a system action
Fully auditable
Auto-Assign to Reviewer
When conditions match, the item is automatically assigned to a specific reviewer/s
Enables deterministic reviewer routing
Reduces ambiguity in ownership
Ensures consistent escalation paths
Policy Evaluation Behavior
When an access request or review item is created:
The attached policy is evaluated
Clauses are checked in order
The first matching clause triggers its action
If no clause matches:
The item follows the default manual workflow
Attaching Policies
Policies can be attached to:
Access request workflows
Purpose-based access flows
Audit and Visibility
All policy-driven decisions:
Are clearly marked as system-driven
Capture the policy and rule that triggered the action
Appear in audit logs and activity timelines
This ensures transparency, compliance, and easy troubleshooting.
Best Practices
Use auto-approve for low-risk, repeatable access
Use auto-deny for clearly restricted access
Use auto-assignment to enforce ownership
Summary
Policies in BalkanID provide a powerful way to automate access decisions while preserving control and auditability. By combining clear conditions with deterministic actions, administrators can scale access governance efficiently and confidently.
For advanced use cases or assistance, please contact BalkanID Support: [email protected]
Last updated
Was this helpful?