---
title: Defining access control
description: On the Access Control tab, you can restrict which OAuth clients are allowed to use this access token management instance.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:help_beareraccesstokenmgmtplugintasklet_atmaccesscontrolsettingsstate
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/help_beareraccesstokenmgmtplugintasklet_atmaccesscontrolsettingsstate.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  steps: Steps
  result: Result
---

# Defining access control

On the **Access Control** tab, you can restrict which OAuth clients are allowed to use this access token management instance.

## Steps

1. Go to **Applications > OAuth > Access Token Management** and select your ATM instance or click **Create New Instance**.

2. On the **Access Control** tab, select the **Restrict Allowed Clients** checkbox.

3. Select a client from the **Allowed Clients** list, and then click **Add**.

   Repeat this step to select additional clients as needed.

## Result

To remove a client from the **Allowed Clients** list or to cancel the removal request, click **Delete** or **Undelete** under **Action**.

To disable access control by clients altogether, clear the **Restrict Allowed Clients** checkbox.