Access Testing Tool
Access Testing Tool enables you to run simulations of real-world user requests to access an application. The result shows whether the user would be allowed access to the app, and which rules and settings of your configuration were matched to create the authentication and enrollment requirements. You recreate the settings of a real access request and then run the test.
This helps you verify whether users or groups can access an app if your policies are configured a certain way.
You can simulate matches for the following types of policies and rules:
- Authentication policies
- Authenticator enrollment policies
- Global Session Policies
- User enrollment policies for apps
Test an access scenario
- Open the policy that you want to test and make a note of the options selected in its rules.
- In the Admin Console, go to .
- Select the same options as those configured in the policy that you want to test:
- Application: Select the application that you want to test access for.
- Username: Enter the username of a user whose access you want to test. Select it from the list when it appears. To add another one to the list, start entering the name of another user and select it from the list. To view groups, click Specify group instead. If the Group field appears and you want to switch back to adding usernames, click Specify username instead.
- Device state: Optional. Select a device state that you want to include in the test.
- Device platform: Optional. Select a device platform that you want to include in the test.
- IP address / Network Zone: Optional. Select a network zone or enter a single IP address and press Enter to include it in the test.
Access Testing Tool does not support dynamic zones.
- Risk score: Optional. Select a risk score level that you want to include in the test.
- Custom expression (OEL): This feature isn't supported.
- Click Run test.
- Review the results in the Results section of the page.
- In the Matching policies section, all policies that matched the criteria appear if the test was successful. If the test wasn't successful, there are no matching policies to display. Select the format in which you want to view the results:
- Sign in journey view: This option lets you view which policies and rules matched the criteria you configured in the simulator for each stage of the sign-in journey. Click each tile to view the information for that stage:
- Authenticate: This option shows which policies contained the authenticators and authentication requirements that matched the criteria you configured in the simulator.
- Fulfill authenticator enrollment requirements: This option shows which rules contained the authenticator enrollment criteria that you configured in the simulator.
- Fulfill user registration requirements: This option shows which rules contained the criteria for the profile attribute enrollment that you configured in the simulator.
- List all view: This option shows all policies and rules that matched the criteria in a list.
- Sign in journey view: This option lets you view which policies and rules matched the criteria you configured in the simulator for each stage of the sign-in journey. Click each tile to view the information for that stage:
- Click Clear test to clear the criteria and configure a new test.