The underpinning of Aserto's authorization model is a policy.
Policies are authored, stored, and versioned as code in a
When you click on “Add a policy”, you'll go through a short workflow to select a git repository for your policy, and name that policy in the Aserto console.
The first step is to select a connection to a source code control system. Since you don't yet have any, you'll want to select the "Add a new source code connection" item in the dropdown.
This will bring up a modal for adding a connection to a provider. Note that Aserto supports GitHub as a source code provider, and allows you to connect to it either over an OAuth2 flow or using a Personal Access Token (PAT).
The easiest path is to select "github" as the source code provider, give the connection a name (like
and click "Add connection". To connect using a Personal Access Token (PAT), follow these instructions.
If you are managing an Aserto tenant for an organization, we recommend signing in with a GitHub "bot account" and using a Personal Access Token that has access to your GitHub organization.
Once you complete GitHub’s OAuth2 consent flow, select your newly created connection.
Next, you'll be asked to select an organization & repo. Select the “New (using template)” radio button, and select the
Your user must have sufficient permissions to create a secret in this GitHub repo (which may be controlled by the organization you choose to create the repo in).
Name your new policy repository policy-peoplefinder-rbac (or a similar name), and click on "Create repo".
Name your policy with a descriptive name (e.g. peoplefinder). You’ll use this name later with the CLI.
Finally, click the "Add policy" button.
Congratulations! You now have a clone of the policy-peoplefinder-rbac policy template in your GitHub account, hooked up to Aserto. Later, you’re going to modify this policy repository to change the authorization policy of the PeopleFinder application. But first, let's set up demo users in your directory so that we can understand how user information is used in the authorization flow.