The Nullafi Shield Admin Console provides a graphical user interface for configuring policy, viewing status, and examining event data. It is a web application which can be accessed using any web browser. The Admin Console is available after the Shield container is started. Access is governed by the defined container options (see Deployment). In the simplest case, browsing to the container host’s IP address on the mapped NULLAFI_HTTP_PORT will open the Admin Console login screen, and using the NULLAFI_USERNAME and NULLAFI_PASSWORD will allow the administrator to log in.
The policy engine is at the heart of Nullafi Shield. It does the work of examining the data being accessed, classifying it, and deciding whether it should be passed through to the user. The Policy section of the Admin Console is where rules are created to control the engine’s behavior.
When applying different policies based on the identity of the end user, it is usually preferable to use group membership rather than having to refer to each individual. For example, you are more likely to want to apply different policies to members of the Marketing team than you are to just a single employee. Nullafi Shield can connect to you existing directory for the purposes of Policy creation. See the Configuration section on Directory Integrations for further details.
Modern directories are used for many purposes -- many of which will not be relevant to data access policies. Nullafi Shield therefore allows the Administrator to control which groups appear in the Admin Console in order to streamling policy creation. There may be hundreds of groups in your directory, but only a dozen or so that matter when it comes to data access policies. When groups are hidden using Group Management, they will not appear in drop-down lists and other areas of the Admin Console.
- To hide a group:
- Select the checkbox next to the group name
- Click on the Hide 'Group in Policy button' at the bottom of the screen
- Multiple groups can be selected at once
- To restore a group for use in policies:
- Click on the 'Show hidden groups' toggle at the top of the page
- Select the checkbox next to the group name(s)
- Click on the 'Show Group in Policy' button at the bottom of the page