Access Control

You can control authorized users' behaviors through access control policies. If a user is not authorized to access an application, the policies do not take effect for the user. Before you configure custom policies, enable access control to set a default policy.

The following describes how to configure a custom policy.

1. Log in to the administrator portal.
2. On the top navigation bar, choose Resources > Applications.
3. On the displayed page, click an application name to access the application details page.
4. In the General Information area, click next to Authentication, select an authentication mode, and click Save.
   

   Enable Authentication before you configure access control.

5. In the General Information area, click Configure in the row that contains Authentication to access the Authentication Integration page.
6. In the navigation pane on the left, choose Access Control. On the displayed page, click in the upper right corner. On the displayed page, configure the default policy.
   

   To disable the default policy, click . Exercise caution when performing this operation, since all policies will be deleted and cannot be recovered.

   

7. Click Save. The added default policy is displayed on the access control page. To modify the default policy, click next to it. In the displayed window, modify the default policy.
8. On the access control page, click Add Policy, set parameters, and click Save.

   

   Table 1 Policy parameters

   Parameter	Description
   * Policy Name	Name of a policy.
   Description	Description of a policy.
   User Condition	Users who can or cannot access the application. You can select a condition from the drop-down list box.
   Condition Type	Method of determining the user access conditions (User Group, Organization, Users, and Custom Condition).
   User Group	Group of users who are allowed or disallowed to access the application. For details, see Managing User Groups.
   Organization	Organization with users who are allowed or disallowed to access the application. For details, see Managing Organizations.
   Users	Users who are allowed or disallowed to access the application. For details, see Managing Users.
   Custom Condition	Attributes used to define users who are allowed or disallowed to access the application. For details, see Managing User Attributes. To add more custom conditions, click Add Custom Condition.
   Access Time	Select the time frame during which the application can be accessed.
   Date	Select the date on which the application can be accessed.
   Period	Select the time period during which the application can be accessed.
   Specific periods	Specify a time period to control user access behaviors. To add more time periods, click Add Period.
   Device Type	Type of devices that are allowed or not allowed to access the application. The options include Browser, Desktop device, and Mobile device. Browser: Google Chrome, Firefox, Internet Explorer, and other Desktop device: Windows, Linux, macOS, and other Mobile device: Android, iOS, and other
   Regions	Select the region where the application can be accessed. You can also specify regions by referring to Managing Regions.
   Authentication Provider	Select the authentication provider for accessing the application.
   THEN	Whether to allow access to the application. If you select MFA authentication, set the following parameters: Frequency: Specify the frequency for accessing an application with the MFA authentication. Authentication Method: Specify a method. After OTP is selected, users can obtain the OTP as prompted. For details about the configuration, see Configuring OTP. If you select multiple authentication methods, users can select one of these MFA methods during the login process.

If you configure multiple application access control policies, you can adjust their priorities. When an enterprise user accesses an application, custom policies are used based on their priorities. If no custom policies are matched, the default policy is used to determine whether the user can access the application.

• You can drag and drop policies in the list to adjust their priorities.
• Click Modify in the Operation column of a policy. On the displayed page, modify the policy configuration and click Save.
• Click View Details in the Operation column of a policy to check its information.
• Click Delete in the Operation column of a policy. In the displayed dialog box, click OK to delete the policy.