About application policy

Access Gateway includes the ability to configure one or more access policies per application. Policies are applied to URI resources within an application and can be set to achieve the following:

  • Allow access to an application by any authenticated user (default).

  • Allow no authentication access (to anyone) for an application.

  • Allow specific user(s) access to an application.

  • Allow specific group(s) access to an application.

  • Allow access to an application based on any IDP user profile attribute.

  • Allow granular access based on an application URI(s) or deep link(s).

To add or modify a policy

  1. Navigate to your Access Gateway Instance and sign on.

  2. From the Topology tab or the Applications tab open the application.
  3. Select the Policies pane.
    To add or modify policy first select the policy pane.
  4. Click the (+) icon to add a new policy.

To modify an existing policy



Click the Trash () icon next to any policy to delete that policy.
Note the root policy cannot be changed or deleted.


  1. Click the Pencil next to the policy being modified.
  2. In the Edit Existing Policy dialog modify the existing policy.
    For example change resource path to reflect a different URL.
    Note that the root policy cannot be changed.
  3. Click the Enable Policy toggle to enable or disable the policy.
  4. Click Okay to complete the edit, or Cancel to cancel.

To add a new policy

  1. Click the Plus () icon and select one of the application policy types.
    After clicking the plus icon, select one of the displayed policy types.
  2. In the Add New Policy dialog specify:

    Enable Policy toggle

    Enable or disable the policy as required.

    NameAn appropriate name for the policy.
    For example, Grant access to /myurl or Open /openurl to all.
    Policy Type

    One of:

    • Protected
    • Not Protected
    • Protected Rule
    • Adaptive Rule
    Resource PathThe path to the resource.
    For example: /myunprotectedpath
    DescriptionAn option description of the Policy
  3. When complete click Okay to add the new policy or Cancel to cancel.

Application Policies

Policy type Description


The URL is a protected resource and can only be accessed by users after being authenticated with the Identity Provider. Note that user authorization is controlled by the group membership on the settings tab.

Not Protected

The URL is an unprotected resource that can be accessed by users without being authenticated with the Identity Provider. Note that header data is not included with Not Protected policies.

Protected Rule

A policy to control authorization to a resource overriding the access controls on the settings associated with the application.

Adaptive Rule

Behavior is identical to Not Protected but also provides headers.

Next Steps