Criteria Scripts are designed to allow re-usable, advanced expressions to be created that evaluate criteria (claims) to true or false. They are used to define scripted rules that assign Policies to users and push Client auto-updates to devices.
NOTE
Criteria Scripts cannot be used in Conditions.
Before you start
Considerations before configuring criteria scripts:
The script runs on the Controller once for every user authenticated and Policy. So 1000 users authenticating with 100 Policies configured will result in the script running 100,000 times.
The script runs in a sandboxed JavaScript engine that supports external httpGet/Post/Put/Delete calls.
Background reading:
See the Use of Scripts section for more considerations and information.
For a better understanding of claims in AppGate ZTNA, see the User claims and Device claims sections.
See the Policy assignment section for a better understanding of how assignment decisions are made.
Refer to Claims in Detail for information about all the claims used in the system.
Configuring Criteria Scripts
To configure your criteria script, select +Add in the Criteria Scripts page and complete the following fields:
Name. Enter a valid JavaScript name without any white space, dashes, or special characters. If you are editing an existing script, changing the name may break any existing configurations.
Criteria Combining Mode. Select the criteria from the dropdown. Options are:
All Criteria below must be true
At least one of the Criteria below must be true
Criteria are met according to Custom Logic
Criteria. Select +Add to open the Type dropdown from which you can select assignment criteria. Alternatively, you can select Switch to Script Mode to enter a script directly. For more information, see the Configure Conditions section. Criteria Scripts use the same script view and JavaScript editor tools that are available when you configure Policies directly. So you only need to create one here if you plan to re-use it more than once.
Criteria Script Actions
While in the Add or Edit Criteria Script page, use the Actions button to perform the following actions:
Clone. Clone the criteria script.
Test. Tests the script. Opens the Test Expression window. From here you can enter values to simulate claims or switch to active session mode and use an active session to test the claims.