Knowledge base
Training

Add Custom Policy

To add custom policy to an application:

  1. Navigate to your Access Gateway InstanceAn instance, or computer instance, is a virtual machine (VM) or individual physical computer, used to host a software appliance..
  2. Select the Application tab.
  3. In the row containing the previously created application, click the Edit button ( ).
  4. Expand the Essentials tab.
  5. Change the Protected Web Resource field to specify http://policy.service.spgw.

    Important Note

    Important

    Specifying a Protected Web Resource of policy.service.spgw instructs Access Gateway that this is a policy test application and results in policy test suite being executed on Goto > SPAn acronym for service provider. Generally, an SP is a company, usually providing organizations with communications, storage, processing, and a host of other services. Within Okta, it is any website that accepts SAML responses as a way of signing in users, and has the ability to redirect a user to an IdP (e.g., Okta) to begin the authentication process. or IDPAn acronym for Identity Provider. It is a service that manages end user accounts analogous to user directories such as LDAP and Active Directory, and can send SAML responses to SPs to authenticate end users. Within this scenario, the IdP is Okta. Initiated tests.
    This is only for testing purposes

  6. Expand the Advanced sub-tab.
  7. Set the Debug toggle on.

    Important Note

    Important

    Enabling Debug mode allows Access Gateway to display debug information when testing.
    This is only for testing and should not be enabled in production.

  8. Select the Policies tab.
  9. Click the Add() button and choose Not Protected.

  10. Enter an name and resource. For this example we added a not protected rule named Public referencing Resource Path /public.
    Optionally enter a description of Not protected resource.
  11. Click Okay to save the rule.
  12. Click the Add() button and choose Protected Rule.
  13. Enter a name, resource and Resource Matching Rule. For this example, enter:
  14. Name Deny
    Resource Path /deny
    Resource Matching Rule GroupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups.=(?!.*Everyone:)
  15. Click Okay to save the rule.
  16. Click Done to complete the application edit.

Test the application

  1. In the row containing the application click the GotoSP Initiated.
  2. Login to your Okta tenant using a valid account.
  3. Examine the results of the test.
    Note the default path is '/' and is covered by the root policy.
  4. Modify the URL to append /deny/.
  5. Refresh the browser. If the user was in the Everyone group, then the request should resemble.
Top

© 2020 Okta, Inc All Rights Reserved. Various trademarks held by their respective owners.