Signals
The following table contains all the supported signals:| Signal | Property | Data type | Description |
|---|---|---|---|
| IPv4 / CIDR | ipv4_cidrs | array of string | List of IPv4 addresses or CIDR ranges. |
| IPv6 / CIDR | ipv6_cidrs | array of string | List of IPv6 addresses or CIDR ranges. |
| Geographic country code | geo_country_code | string | ISO 3166-1 alpha-2 country code. |
| Geographic subdivision code | geo_subdivision_code | string | ISO 3166-2 subdivision code. |
| JA3/JA4 fingerprint | ja_fingerprint | string | TSL client fingerprint. |
| User agent | user_agent | string | Client device or browser. |
Conditions
The following table contains all the supported conditions:| Condition | Property | Data type | Description |
|---|---|---|---|
| Match | match | object | Returns successful if the provided signal and any of the provided values are equivalent. |
| Does not match | not_match | object | Returns successful if the provided signal and none of the provided values are equivalent. |
Actions
The following table contains all the supported actions:| Action | Property | Data type | Description |
|---|---|---|---|
| Allow | allow | boolean | Allows traffic to pass through unaffected. |
| Block | block | boolean | Blocks traffic from accessing specified scopes. |
| Redirect | redirect | boolean | Redirects traffic to a provided location. |
| Redirect URI | redirect_uri | string | URI to redirect traffic to. |
| Log | log | boolean | Monitoring mode. No action is taken, but results are included in the Tenant ACL log event. |
Scopes
The following table contains all the supported scopes:| Scope | Value | Description |
|---|---|---|
| Tenant | tenant | Enforces Tenant ACL for both Management API and Authentication scopes. |
| Management API | management | Enforces Tenant ACL for requests sent to {yourDomain}/api/v2/* and {yourDomain}/scim/*. |
| Authentication | authentication | Enforces Tenant ACL for requests sent to anywhere not covered in Management API scope. |