Manage policy sets

This scenario is intended to guide system administrators through the procedures for creating a policy set and assigning it to users. This scenario addresses the creation of a policy set only and does not address any specific policy settings.

You can set up hierarchical policy sets so that, for example, a base policy set can be applied to all users and then other policy sets can be applied to smaller sets of users (for example, the sales and support departments). See Apply hierarchical policy sets for the details.

You can apply a policy set to all users with accounts in the CyberArk Identity, to users in specific roles only, or to users in specific collection parameters.

For non-endpoint related policies (such as application polices, login policies, etc.), the policy set goes into effect when users log in to the user portal or after users click Reload from the CyberArk Identity User Portal.

If you are using CyberArk Identity for mobile device management, the device configuration policies are installed when the user enrolls the device. Subsequent changes to device management and enrollment settings, user security policies, login policies, and applications policies are implemented immediately. Updates to the device configuration policies (Policies > Endpoint Policies > settings in Common Mobile Settings, iOS Settings, etc.) are updated automatically according to the policy push delay interval you set in Settings > Endpoints > Endpoint Management Settings. The Endpoint Policies are only available if you use CyberArk Identity for mobile device management. If you are using the CyberArk Identity for single sign-on only, the Endpoint Policies are not included. See Mobile Device Management or single sign-on only.

You can see the current setting for the policies you have set previously by clicking Summary. The Summary page does not show the default value for policies you have not modified.

This scenario includes the following topics: