Manage policy

Add to, edit, or delete existing entitlement policy rules to manage entitlements assigned to your users. The changes you make to a draft policy don’t affect users until you apply the policy to set it as Active.

Entitlement Management automatically creates a draft copy of the active policy for you to update when you click Edit policy.

You can’t edit an active policy directly. After you create a policy for an application and apply it for the first time, the app must always have an active policy.

Before you begin

  • Sign in as a super admin, an app admin, or an admin with the following permissions:

    • Manage applications

    • Edit application's user assignments

    • Edit groups' application assignments or Edit users' application assignments

  • Ensure that you're assigned to the Okta Entitlement Management application.

  • Ensure that you have created one or more policy rules for the application.

Edit rules

  1. In the Admin Console, go to ApplicationsApplications.
  2. Search for and select your app instance.
  3. Go to the Governance tab.
  4. Go to the Policy tab.

  5. Open the Actions dropdown menu associated with a rule.

    If you’re editing a policy, click Edit policy or Continue editing policy before you open the Actions dropdown menu associated with a rule.

    Clicking Edit policy creates a copy of the active policy in Draft mode.

  1. Click Edit and make the required changes.

  2. Click Add rule to save changes.

Delete rules

  1. In the Admin Console, go to ApplicationsApplications.
  2. Search for and select your app instance.
  3. Go to the Governance tab.
  4. Go to the Policy tab.

  5. Open the Actions dropdown menu associated with a rule.

    If you’re editing a policy, click Edit policy or Continue editing policy before you open the Actions dropdown menu associated with a rule.

    Clicking Edit policy creates a copy of the active policy in Draft mode.

  1. Click Delete.

  2. Click Delete rule to remove it from the draft policy.

Entitlement Management stores the draft policy for you to continue editing it later. You can also delete a draft policy and start over by clicking Delete draft.

Preview the draft policy to check the entitlements that the policy will assign to users before you apply the policy.

Related topics

Examples of Okta Expression Language

Preview policy

Manage user entitlements