You can create application-specific policies to manage user access to specific Web and desktop applications.

Prerequisites

  • Configure the appropriate authentication methods for your deployment.

  • If you plan to edit the default policy (to control user access to the service as a whole), configure it before creating an application-specific policy.

  • Add the web and desktop applications to the catalog. At least one application must be listed in the Catalog page before you can add an application-specific policy.

When WS-Fed Web Application (Office 365) clients (VMware Boxer, iOS, and Android native email clients) use the legacy authentication flow (user name and password authentication), you configure client access policies in the Office 365 application from the Catalog page. See the VMware Identity Manager Integration with Office 365 guide.

Note:

Access policies are not created for applications that are managed by an Application Source or for weblinks.

Procedure

  1. In the VMware Identity Manager console Identity & Access Management tab, select Manage > Policies.
  2. Click Add Policy.
  3. Add a policy name and description in the respective text boxes.
  4. In the Applies To section, type the application in the Search text box, and select the applications to associate with this policy.
  5. Click Next.
  6. Click Add Policy Rule to add a rule.

    | Option | Description |
    |---|---|
    | If a user's network range is | Verify that the network range is correct. If adding a rule, select the network range. |
    | and user accessing content from | Select the device type that this rule manages. |
    | and user belongs to groups | If this access rule is going to apply to specific groups, search for the groups in the search box. If no group is selected, the access policy rule applies to all users. |
    | Then perform this action | Select Authenticate using.... |
    | then the user may authenticate using | Configure the authentication method order. Select the authentication method to apply first. To require users to authenticate through two authentication methods, click + and in the drop-down menu select a second authentication method. |
    | If the preceding method fails or is not applicable, then | Configure fallback authentication methods. |
    | Re-authenticate after | Select the length of the session, after which users must authenticate again. |

  7. Configure additional rules, if necessary.
  8. Click Save.
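
To review a rule set before saving it, the fields from step 6 can be modelled and tested offline. The following Python sketch is an added example, not VMware code or a product API. It assumes rules are evaluated in the listed order with the first match applied, and every name, CIDR block, group, and method value in it is a constructed sample.

```python
# Added illustration, not VMware code: a simplified model of the rule fields
# from step 6. All names and sample values here are constructed.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    cidrs: list                  # stands in for the selected network range
    device_type: str             # device type the rule manages
    groups: set                  # empty set: rule applies to all users
    auth_chain: list             # methods the user must complete, in order
    fallbacks: list = field(default_factory=list)  # alternative chains
    reauth_hours: int = 8        # session length before re-authentication

def matches(rule, ip, device, user_groups):
    in_range = any(ip_address(ip) in ip_network(c) for c in rule.cidrs)
    device_ok = rule.device_type in ("All Device Types", device)
    group_ok = not rule.groups or bool(rule.groups & set(user_groups))
    return in_range and device_ok and group_ok

def select_rule(rules, ip, device, user_groups):
    """Index of the first rule, in listed order, that matches the request."""
    for i, rule in enumerate(rules):
        if matches(rule, ip, device, user_groups):
            return i
    return None  # no rule matched: modelled here as access denied

def single_factor_paths(rules):
    """Indexes of rules where the primary chain or a fallback is one method."""
    return [i for i, r in enumerate(rules)
            if any(len(chain) < 2 for chain in [r.auth_chain, *r.fallbacks])]

POLICY = [  # constructed sample policy
    Rule(["10.0.0.0/8"], "Web Browser", set(), ["Password"]),
    Rule(["0.0.0.0/0"], "All Device Types", {"Finance"},
         ["Password", "VMware Verify"], reauth_hours=4),
    Rule(["0.0.0.0/0"], "All Device Types", set(),
         ["Password", "VMware Verify"], fallbacks=[["Password"]]),
]

if __name__ == "__main__":
    print(select_rule(POLICY, "203.0.113.7", "iOS", ["Finance"]))
    print(single_factor_paths(POLICY))
```

In the sample policy the last rule requires two methods in its primary chain, but its single-method fallback still gives all users a one-factor path, which is the kind of gap worth checking before you click Save.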