How-tos

Restricting Access to Services Using Authorization Scopes

Learn how to configure a policy and use it for restricting access to scopes. You can both limit who can grant a scope and who can request it.

Restrict Scope Granters with Client Assignment Policies

  1. In your workspace, navigate to Applications > Services and select a service.

  2. In the Scopes view, find the scope of your interest and select Unrestricted from the Client Assignment column for this particular scope.

  3. In the Scope Governance pop-up window

    1. Select a Client Assignment policy from the drop-down list.

    2. Select Save to proceed.

Result

You have restricted who can grant the Email scope.

  1. In your workspace, navigate to Applications > Services and select a service.

  2. In the Scopes view, find the scope of your interest and select Unrestricted from the Consent Grant column for this particular scope.

  3. In the Scope Governance pop-up window

    1. Select a Consent Grant policy from the drop-down list.

    2. Select Save to proceed.

Result

You have restricted who can request the Email scope.

Test Policies

  1. Log in to a sample application.

  2. In the login page, enter user as your username and user as your password.

  3. In the consent page displayed, verify the scope you restricted with your new policy.

    Result

    The scope is not available.