Add Custom Policy
To add a custom policy to an application:
- Open the Access Gateway Admin UI console.
- Select the Application tab.
- In the row containing the previously created application, click Edit.
- Expand the Essentials tab.
- In the Protected Web Resource field, specify http://policy.service.spgw.
Important
Specifying a Protected Web Resource as policy.service.spgw instructs Access Gateway that this is a policy test application, and results in the policy test suite being executed when you select Goto application > SP Initiated or IDP Initiated tests.
This is only for testing purposes.
- Expand the Advanced sub-tab.
- Activate the Debug toggle.
Important
Activating Debug mode allows Access Gateway to display debug information when testing.
This is only for testing and should not be activated in production.
- Select the Policies tab.
- Click Add and select Not Protected.
- Enter a name and resource. For this example, we added a Not Protected rule named Public referencing Resource Path /public.
Optionally, enter a description of the Not Protected resource.
- Click Okay to save the rule.
- Click Add and choose Protected Rule.
- Enter a name, resource, and resource matching rule. For this example, enter:
  - Name: Deny
  - Resource Path: /deny
  - Resource Matching Rule: Groups=(?!.*Everyone:)
- Click Okay to save the rule.
- Click Done.
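The Deny rule's pattern is a negative lookahead, so whether it matches depends on how the matcher is anchored and on what counts as a group name. The following added example (not part of the original documentation) runs the page's pattern with Python's re module over constructed Groups values. The colon-terminated value format, start-anchored matching, and the stricter STRICT_PATTERN variant are assumptions made for illustration; the page does not show how Access Gateway itself evaluates the rule.

```python
import re

# Pattern from the Deny rule on this page (the part after "Groups=").
PAGE_PATTERN = r"(?!.*Everyone:)"
# Hypothetical stricter variant (not from the page): "Everyone" must be a
# whole group name, either first in the value or right after a ":".
STRICT_PATTERN = r"(?!(?:.*:)?Everyone:)"

# Constructed sample Groups values. Assumed format: each group name is
# followed by ":", as the "Everyone:" literal in the page's rule suggests.
SAMPLES = ["Everyone:", "Admins:Everyone:", "Admins:", "NotEveryone:", ""]


def anchored(pattern, value):
    """True when the pattern matches at the start of the value (assumed mode)."""
    return re.match(pattern, value) is not None


def unanchored(pattern, value):
    """True when the pattern matches at any offset (search semantics)."""
    return re.search(pattern, value) is not None


def evaluate(samples=SAMPLES):
    """Return (value, page_anchored, strict_anchored, page_unanchored) rows."""
    return [
        (
            value,
            anchored(PAGE_PATTERN, value),
            anchored(STRICT_PATTERN, value),
            unanchored(PAGE_PATTERN, value),
        )
        for value in samples
    ]


if __name__ == "__main__":
    print(f"{'Groups value':20} {'page':6} {'strict':6} {'search':6}")
    for value, page, strict, search in evaluate():
        print(f"{value!r:20} {page!s:6} {strict!s:6} {search!s:6}")
```

Three things are worth checking before reusing a pattern like this. A group whose name merely ends in "Everyone" is treated like Everyone by the page's pattern, an empty Groups value matches, and under search semantics a bare lookahead matches every value because it can succeed at a later offset.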
Test the application
- In the row containing the application, click Goto > SP Initiated.
- Sign in to your Okta tenant using a valid account.
- Examine the results of the test.
Note that the default path is '/' and is covered by the root policy.
- Modify the URL to append /deny/.
- Refresh the browser. If the user was in the Everyone group, then the request should be similar to: