Application Policy Overview

When creating an application configuration in Access Gateway, you can create policies to protect resources, create rules using regular expression, and create custom rules. The different policy types are described here for reference.

Application Policies

Policy type Description


The URL is a protected resource and can only be accessed by users after being authenticated with the Identity Provider.

Not Protected

The URL is an unprotected resource that can be accessed by users without being authenticated with the Identity Provider. Note that header data is not included with Not Protected policies.

Protected Rule

Rules based on custom configuration.

Adaptive Rule

Behavior is identical to Not Protected but also provides headers.

Policy Fields

Field Description


Policy name. This must be unique.


The resource path that applies to this policy. 256 character maximum. E.g. /webcontext /reports.html.

Resource Matching Rule (Protected Rule)

Regex Rule for defining policy rules to allow or deny access to application resources.


This section allows you to add a custom configuration.


Policy description.

See also: