At Least One Assertion Must Evaluate to True Assertion
The "At least one assertion must evaluate to true" assertion is a folder that organizes and defines the processing conditions for the assertions that it contains and for the overall policy. When assertions are grouped into one of these folders in the policy window, each successive child assertion is processed until a single assertion succeeds, yielding a success outcome for the folder. If all child assertions in the folder fail, then the overall folder—and possibly the entire policy—fails. For more information about parent and child assertions in a policy, see Policy Organization.
gateway83
The "At least one assertion must evaluate to true" assertion is a folder that organizes and defines the processing conditions for the assertions that it contains and for the overall policy. When assertions are grouped into one of these folders in the policy window, each successive child assertion is processed until a single assertion succeeds, yielding a success outcome for the folder. If all child assertions in the folder fail, then the overall folder—and possibly the entire policy—fails. For more information about parent and child assertions in a policy, see Policy Organization.
If you do not want the failure of this assertion to fail the entire policy, then add a Continue Processing assertion into the assertion folder. The Continuing Processing assertion will always evaluate to true, preventing the failure of a policy due to the failure of a non-essential or conditional assertion in an "At least one assertion must evaluate to true" folder.
Using the Assertion
- Do one of the following:
- To add the assertion to the policy development window, see Add an Assertion. You can also right-click anywhere in the policy development window and then choose Add "At least one" Folder. This creates an assertion folder in the policy window.
- To change the configuration of an existing assertion, proceed to step 2 below.
- Move the assertion folder to the appropriate position within the policy.
- Populate the folder with child assertions using any of the following methods:
- Add an assertion by dragging and dropping if from policy window or the [Assertions] tab.
- Remove an assertion by dragging and dropping it back into the policy window or by deleting the assertion.
- Repeat to add additional assertion folders, if necessary. Be sure to validate the policy when done.
To add a new identity into the assertion folder, right-click the assertion folder in the policy development window and then choose Add User or Group. This adds a Authenticate User or Group assertion to the policy. Refer to Policy Organization for more information.