Use application access control to define access to applications through roles and groups. For each application, specify the conditions that must be met by an authenticating user to access an application. You can use application access control with all types of applications.

  1. Go to Applications > Applications.
  2. Locate the application you want to configure. You can browse or search for applications.
  3. Click the application entry to open the details panel for the application.
  4. Click the Access tab and then click the pencil icon.
  5. For Admin Only Access, to specify whether an administrator role is required to access the application, select the Must have admin role check box.

    Available roles are:

    • Organization Admin
    • Environment Admin
    • Identity Data Admin
    • Client Application Developer

    For more information, see Roles.

  6. For Group membership policy, specify the groups that can access the application by searching or browsing for the group.

    The list is updated as you enter the search criteria. Do one or more of the following:

    OptionDescription
    Add a group to the access list Drag the group name from the All groups list to the Applied groups list.

    You can also click the + icon to add a group.

    Remove a group from the access list Drag the group name from the Applied groups list to the All groups list.

    You can also click the - icon to remove a group.

    Require any group membership If you apply two or more groups, select Any to require the user to be a member of any of the applied groups to access the application.
    Require all group membership If you apply two or more groups, select All to require the user to be a member of all of the applied groups to access the application.
    Note:

    If you remove an existing group from the environment, then any members of the group lose access to the configured application.

  7. Click Save.