About application policy
Access Gateway includes the ability to configure one or more access policies per application. Policies are applied to URI resources within an application and can be set to achieve the following:
- Allow access to an application by any authenticated user (default).
- Allow unauthenticated access (by anyone) to an application.
- Allow specific user(s) access to an application.
- Allow specific group(s) access to an application.
- Allow access to an application based on any IdP user profile attribute.
- Allow granular access based on application URI(s) or deep link(s).
Navigate to your Access Gateway Instance and sign on.
- From the Topology tab or the Applications tab open the application.
- Select the Policies pane.
- Click the (+) icon to add a new policy.
To modify an existing policy
Click the Trash icon next to any policy to delete that policy.
Note that the root policy cannot be changed or deleted.
- Click the Pencil next to the policy being modified.
- In the Edit Existing Policy dialog modify the existing policy.
For example, change the resource path to reflect a different URL.
Note that the root policy cannot be changed.
- Click the Enable Policy toggle to enable or disable the policy.
- Click Okay to complete the edit, or Cancel to cancel.
To add a new policy
- Click the Plus (+) icon and select one of the application policy types.
- In the Add New Policy dialog specify:
Enable Policy toggle: Enable or disable the policy as required.
Name: An appropriate name for the policy.
For example, Grant access to /myurl or Open /openurl to all.
- Not Protected
- Protected Rule
- Adaptive Rule
Resource Path: The path to the resource.
For example: /myunprotectedpath
Description: An optional description of the policy.
- When complete, click Okay to add the new policy or Cancel to cancel.
The URL is a protected resource and can only be accessed by users after being authenticated with the Identity Provider. Note that user authorization is controlled by the group membership on the settings tab.
The URL is an unprotected resource that can be accessed by users without being authenticated with the Identity Provider. Note that header data is not included with Not Protected policies.
A policy to control authorization to a resource overriding the access controls on the settings associated with the application.
Behavior is identical to Not Protected but also provides headers.
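An added example, not part of the Access Gateway product or its documentation: a review script over a constructed policy inventory that lists enabled policies reachable without authentication and flags where such a policy's resource path covers a protected path. The inventory format, the `Policy` class, the `covers` and `review` helpers, and the treatment of Adaptive Rule as unauthenticated are assumptions; this page does not describe an export format or how overlapping resource paths are resolved.

```python
from dataclasses import dataclass

# Policy type names come from the page. Treating "Adaptive Rule" as reachable
# without authentication is an assumption based on its description as
# "identical to Not Protected but also provides headers".
OPEN_TYPES = {"Not Protected", "Adaptive Rule"}


@dataclass(frozen=True)
class Policy:
    name: str
    type: str
    resource_path: str
    enabled: bool = True


def covers(parent: str, child: str) -> bool:
    """True if child equals parent or lies below it on a path-segment boundary."""
    base = parent.rstrip("/")
    return child.rstrip("/") == base or child.startswith(base + "/")


def review(policies):
    """Return (policy name, finding kind, path) tuples for manual review."""
    active = [p for p in policies if p.enabled]
    findings = []
    for p in active:
        if p.type not in OPEN_TYPES:
            continue
        findings.append((p.name, "unauthenticated", p.resource_path))
        for q in active:
            # The page does not say which policy wins when paths overlap,
            # so an overlap is reported for review rather than resolved.
            if q.type not in OPEN_TYPES and covers(p.resource_path, q.resource_path):
                findings.append((p.name, "overlaps-protected", q.resource_path))
    return findings


# Constructed inventory; names and paths follow the page's own examples.
SAMPLE = [
    Policy("Open /openurl to all", "Not Protected", "/openurl"),
    Policy("Admin console", "Protected Rule", "/openurl/admin"),
    Policy("Grant access to /myurl", "Protected Rule", "/myurl"),
    Policy("Status page", "Adaptive Rule", "/status", enabled=False),
]

if __name__ == "__main__":
    for name, kind, path in review(SAMPLE):
        print(f"{kind:20} {path:18} ({name})")
```

Disabled policies are skipped, so the constructed Status page entry produces no finding until its Enable Policy toggle is on.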
- Implement Advanced Access Gateway Policy