Add Custom Policy

To add a custom policy to an application:

  1. Open the Access Gateway Admin UI console.
  2. Select the Application tab.
  3. In the row containing the previously created application, click Edit.
  4. Expand the Essentials tab.
  5. In the Protected Web Resource field, enter http://policy.service.spgw

    Specifying policy.service.spgw as the Protected Web Resource tells Access Gateway that this is a policy test application, so the policy test suite runs when you select Goto application > SP Initiated or IDP Initiated. This is only for testing purposes.

  6. Expand the Advanced sub-tab.
  7. Enable Debug mode.

    Activating Debug mode allows Access Gateway to display debug information when testing. This is only for testing and should not be activated in production.

  8. Select the Policies tab.
  9. Click Add and select Not Protected.
  10. Enter a name and resource (for example, /public).
  11. Optional. Enter a policy description.
  12. Click Okay to save the rule.
  13. Click Add and select Protected Rule.
  14. Enter a name, resource, and resource matching rule. For this example, enter:
    Name: Deny
    Resource Path: /deny
    Resource Matching Rule: Groups=(?!.*Everyone:)
  15. Click Okay to save the rule.
  16. Click Done.

Test the application

  1. In the row containing the application, click Goto > SP Initiated.
  2. Sign in to your Okta tenant using a valid account.
  3. Examine the results of the test. Note that the default path is / and is covered by the root policy.
  4. Append /deny/ to the URL.
  5. Refresh the browser. If the user is in the Everyone group, an Access Denied dialog is displayed.
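
The Deny rule from step 14, evaluated offline against constructed Groups values, as an added example that is not from the Okta documentation or from Access Gateway itself. It assumes a rule has the form Attribute=regex, that Groups is a string of colon-terminated group names, and that the regex is tested at the start of the value; STRICT_RULE, the helper names and the sample users are hypothetical.

```python
import re

# The page's rule, plus a stricter variant written for this example only.
PAGE_RULE = "Groups=(?!.*Everyone:)"
STRICT_RULE = "Groups=(?!(?:.*:)?Everyone:)"  # Everyone must be a whole group name

def parse_rule(rule):
    """Split an 'Attribute=regex' rule at the first '=' (assumed syntax)."""
    attribute, sep, pattern = rule.partition("=")
    if not (attribute and sep and pattern):
        raise ValueError(f"not an Attribute=regex rule: {rule!r}")
    return attribute, re.compile(pattern)

def rule_allows(rule, attributes, anchored=True):
    """Return True when the rule matches, i.e. access would be granted.

    anchored=True tests the regex at the start of the value (assumption);
    anchored=False scans every offset, which defeats a bare lookahead.
    """
    attribute, regex = parse_rule(rule)
    value = attributes.get(attribute)
    if value is None:
        return False  # fail closed on a missing attribute (example's choice)
    matcher = regex.match if anchored else regex.search
    return matcher(value) is not None

# Constructed sample users; group strings are illustrative, not real data.
SAMPLE_USERS = {
    "alice": {"Groups": "Everyone:Admins:"},
    "bob": {"Groups": "Admins:Contractors:"},
    "carol": {"Groups": "NotEveryone:"},  # substring collision with Everyone:
}

def evaluate_all(rule, anchored=True):
    """Map each sample user to 'allow' or 'deny' for the /deny resource."""
    return {
        name: "allow" if rule_allows(rule, attrs, anchored) else "deny"
        for name, attrs in SAMPLE_USERS.items()
    }

if __name__ == "__main__":
    print("page rule, anchored:  ", evaluate_all(PAGE_RULE))
    print("strict rule, anchored:", evaluate_all(STRICT_RULE))
    print("page rule, unanchored:", evaluate_all(PAGE_RULE, anchored=False))
```

The carol case shows that the page's pattern also denies a group whose name merely ends in Everyone, and the unanchored run shows that a bare negative lookahead matches every value when the engine scans all offsets, so confirm the outcome with the test in the steps above before relying on the rule.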