How-tos

1 min read

Restricting Access to Client Applications

Instructions on how to assign policies to the application

Assign Authorization Policies to Restrict Access to Client Apps

  1. Go to Applications » Clients and select a client application.

  2. Navigate to Policies tab.

  3. Assign policies governing this application in different scenarios. Check the Cloudentity policy definition for more details.

    1. Select User policy (a set of conditions for the user to access the client application).

    2. Select Machine token policy, used when the application is part of the Client Credentials (machine-to-machine) flow.

    Note

    The policy that you select is validated before issuing a token for the authorization code/implicit grant flow. If the policy fails, the token is not issued and the user who tries to access the application is not allowed.

Example: Enforce MFA for Users Before Accessing Application

It is a common scenario that before accessing applications, users must authenticate using Multi Factor Authentication (MFA). To enforce MFA upon login:

  1. Navigate to Policies tab of your client application.

  2. Select User Policy input field.

  3. Select the MFA User policy.

  4. Save changes.

Result

Upon login, the users must perform additional verification in order to access your application. See example below.

Enforced MFA

Updated: Nov 2, 2023