About Access Gateway policy types

Access Gateway supports the following Policy Types:

  • Protected Policy - Requires only a valid session (authenticated user) to access the associated resource.
  • Not Protected Policy - Allows everyone access to the associated resource.
  • Protected Rule Policy - Requires a valid session and an expression detailing who can access the resource.
  • Adaptive Rule Policy - Extends Not Protected but passes header information to the underlying application.

Protected Policy

Protected Policy enforces the existence of a valid Access Gateway application session before allowing user access.
Unless otherwise specified by a more exclusive policy, all application resources will be subject to this policy.

Not Protected Policy

A Not Protected Policy will not enforce the existence of a valid Access Gateway application session. This policy type is typically reserved for anonymous pages that do not require a user’s identification or are trusted for public consumption.

Protected Rule Policy

Protected Rule Policy extends the behavior of a Protected Policy and enables you to more narrowly define the access rules (allow or deny) for specific resources. This policy type will evaluate the attributes you define in the Attributes menu of the application. Typically, these attributes will be sourced from your Okta tenant, so it’s important to understand which user profile data should be used.
Rules are PCRE-based regular expressions. See Example Access Gateway Policy for example rules and associated expressions.
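
The following is an added example, not taken from the Access Gateway documentation: a small Python harness that checks a candidate rule expression against attribute values that must and must not be granted access, so that an expression that matches too broadly is caught before it is deployed. The `role` attribute, its sample values and the search-style evaluation model are assumptions made for illustration; Python's `re` module stands in for PCRE, and the anchors and grouping used here behave the same in both.

```python
import re

# Constructed sample values for a hypothetical "role" attribute.
SHOULD_ALLOW = ["admin", "ops"]
SHOULD_DENY = ["non-admin", "admin-readonly", "devops", "", "administrator"]


def evaluate(rule: str, value: str) -> bool:
    """Assumed model: the rule is searched for anywhere in the attribute value."""
    return re.search(rule, value) is not None


def audit(rule: str, allow=SHOULD_ALLOW, deny=SHOULD_DENY):
    """Return (missed, leaked): values wrongly denied and values wrongly allowed."""
    missed = [v for v in allow if not evaluate(rule, v)]
    leaked = [v for v in deny if evaluate(rule, v)]
    return missed, leaked


# Three ways of writing "role is admin or ops", from loosest to strictest.
CANDIDATES = {
    "unanchored": r"admin|ops",
    # Each anchor binds to only one branch of the alternation.
    "anchors split by alternation": r"^admin|ops$",
    # Grouping makes both anchors apply to every branch.
    "anchored group": r"^(?:admin|ops)$",
}

if __name__ == "__main__":
    for label, rule in CANDIDATES.items():
        missed, leaked = audit(rule)
        verdict = "OK" if not (missed or leaked) else "REVIEW"
        print(f"{label:30} {rule:20} missed={missed} leaked={leaked} -> {verdict}")
```

Only the grouped, fully anchored expression allows exactly the intended values; the other two grant access to values such as `admin-readonly` and `devops`.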

Adaptive Rule Policy

Adaptive Rule Policy extends the behavior of the Not Protected Policy but provides all application headers to the underlying application.