Globus Connect Server Create Auth Policy

Name

globus-connect-server auth-policy create - Create an authentication policy

Synopsis

globus-connect-server auth-policy create [OPTIONS] DESCRIPTION DISPLAY_NAME

Description

The globus-connect-server auth-policy create command provides a command-line interface for creating authentication policies which can be used to enhance the access requirements for collections.

Options

--project-id PROJECT_ID (new in 5.4.72)

The Globus Auth project ID where this authentication policy will be stored. If the admin only has a single Globus Auth project, it will be used by default. Otherwise, the admin must specify the Globus Auth project ID.

--authentication-assurance-timeout SECONDS (new in 5.4.72)

Number of seconds within which someone must have authenticated to satisfy the policy.

--include DOMAIN

Identity provider domain allowed for guest collection permissions. Users accessing the guest collection must have an identity from one of the included domains, and that identity must have a valid guest collection permission. Specify a value of "" to remove this restriction and allow all of the user’s guest collection permissions. The domain may include wildcards, e.g. '*.edu'. This option can be given multiple times.

--exclude DOMAIN

Identity provider domain not allowed for guest collection permissions. Any of the user’s permissions from this domain will not be considered for guest collection access. Specify a value of "" to remove this restriction and allow all of the user’s guest collection permissions. Any domain listed in both included domains and excluded domains will not be able to access the guest collection. The domain may include wildcards, e.g. '*.com'. This option can be given multiple times.

--high-assurance

Indicates that this policy will be used with high assurance collections. This setting is immutable.

--version

Show the version and exit.

-h, --help

Show this message and exit.

Example

This example creates an authentication policy which allows guest collection data access by identities from globus.org as well as any identity in an edu domain except foo.edu. This policy is not high assurance, so it can only be used on collections not configured for high assurance.

globus-connect-server auth-policy create \
    --include globus.org \
    --include '*.edu' \
    --exclude foo.edu \
    "My Auth Policy Description" \
    "My Auth Policy Display Name"
Authentication Policy ID: 18be6172-43a8-438c-aaa8-e8e36707399e
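
The following is an added example, not part of the Globus documentation or the Globus Connect Server code: a local shell model of the --include/--exclude rules described above, useful for checking which identity domains a planned policy would admit before creating it. The function names policy_allows and matches_any are hypothetical, the test domains are constructed, and treating wildcards as shell globs is an assumption about how the service matches them.

```shell
#!/bin/sh
# Local model of the documented --include/--exclude rules (added example).
# Assumption: wildcards behave like shell globs ('*.edu' matches 'x.edu').

# matches_any DOMAIN PATTERN... -> returns 0 if DOMAIN matches any pattern
matches_any() {
    domain=$1; shift
    for pattern in "$@"; do
        # An unquoted expansion on a case arm is used as a match pattern;
        # no pathname expansion happens here.
        case "$domain" in
            $pattern) return 0 ;;
        esac
    done
    return 1
}

# policy_allows DOMAIN INCLUDES EXCLUDES
# INCLUDES and EXCLUDES are space-separated pattern lists. An empty list
# means "no restriction", mirroring a value of "" for the real options.
policy_allows() {
    domain=$1 includes=$2 excludes=$3
    set -f    # keep '*.edu' literal while the lists are word-split
    # Exclusion is checked first: a domain in both lists is denied.
    if [ -n "$excludes" ] && matches_any "$domain" $excludes; then
        set +f; return 1
    fi
    # With an include list present, the domain must match one entry.
    if [ -n "$includes" ] && ! matches_any "$domain" $includes; then
        set +f; return 1
    fi
    set +f
    return 0
}

# The policy from the example above, checked against constructed domains.
INCLUDES='globus.org *.edu'
EXCLUDES='foo.edu'
for d in globus.org example.edu foo.edu example.com; do
    if policy_allows "$d" "$INCLUDES" "$EXCLUDES"; then
        echo "$d: allowed"
    else
        echo "$d: denied"
    fi
done
```

The quoting matters for the same reason it does on the real command line: an unquoted *.edu is expanded by the shell against files in the current directory before the command sees it.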