Restrict Scope Granters with Client Assignment Policies
-
In your workspace, navigate to Applications > Services and select a service.
-
In the Scopes view, find the scope of your interest and select Unrestricted from the Client Assignment column for this particular scope.
-
In the Scope Governance pop-up window
-
Select a Client Assignment policy from the drop-down list.
-
Select Save to proceed.
-
Result
You have restricted who can grant the Email scope.
Restrict Scope Requestors with Consent-Grant Policies
-
In your workspace, navigate to Applications > Services and select a service.
-
In the Scopes view, find the scope of your interest and select Unrestricted from the Consent Grant column for this particular scope.
-
In the Scope Governance pop-up window
-
Select a Consent Grant policy from the drop-down list.
-
Select Save to proceed.
-
Result
You have restricted who can request the Email scope.
Test Policies
-
Log in to a sample application.
-
In the login page, enter
user
as your username anduser
as your password. -
In the consent page displayed, verify the scope you restricted with your new policy.
Result
The scope is not available.