Assign Authorization Policies to Restrict Access to Client Apps
- Go to Applications » Clients and select a client application.
- Navigate to the Policies tab.
- Assign policies governing this application in different scenarios. Check the Cloudentity policy definition for more details.
- Select User policy (a set of conditions for the user to access the client application).
- Select Machine token policy, used when the application is part of the Client Credentials (machine-to-machine) flow.
Note
The policy that you select is validated before a token is issued for the authorization code/implicit grant flow. If the policy fails, the token is not issued and the user trying to access the application is denied access.
Example: Enforce MFA for Users Before Accessing Application
A common requirement is that users authenticate with Multi-Factor Authentication (MFA) before accessing applications. To enforce MFA upon login:
- Navigate to the Policies tab of your client application.
- Select the User Policy input field.
- Select the MFA User policy.
- Save changes.
Result
Upon login, users must perform additional verification to access your application. See example below.
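A defense-in-depth check the client application can run on the token it receives, added here as an example and not taken from the Cloudentity documentation: accept the session only if the token is validly signed, unexpired, and its `amr` claim shows a second factor. Assumptions: the authorization server emits the standard `amr` claim (RFC 8176), the accepted values in `MFA_METHODS` match what your server actually sends, and a constructed HS256 token with a demo key stands in for the server's real signing key so the code runs offline.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: RFC 8176 method values; adjust to the values your server emits.
MFA_METHODS = {"mfa", "otp", "hwk", "sms"}

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_demo_token(claims, key):
    """Build a constructed HS256 token (stand-in for a real ID token)."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def mfa_satisfied(token, key, now=None):
    """True only for a validly signed, unexpired token whose amr shows MFA."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        if header.get("alg") != "HS256":  # pin the algorithm; rejects "none"
            return False
        expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return False
        claims = json.loads(b64url_decode(body_b64))
    except (ValueError, TypeError, AttributeError):
        return False  # malformed token: fail closed
    if not isinstance(claims, dict):
        return False
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        return False
    amr = claims.get("amr")
    if not isinstance(amr, list):
        return False  # no amr claim: treat as single-factor
    return any(isinstance(m, str) and m in MFA_METHODS for m in amr)
```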