Access policies can be used to establish trust between users, devices, and apps in the Workspace ONE environment. You can configure access policies to manage how users access their catalog of resources and how users access specific resources.

Access policies consist of rules that specify criteria that users must meet to sign in to their apps portal and use their resources. Administrators configure features such as mobile single sign-on, conditional access to applications based on enrollment, compliance status, multi-factor authentication, and step-up authentication.

Policy rules map the requesting IP address to network ranges and designate the type of devices that users can use to sign in. The rule defines the authentication methods and the number of hours the authentication is valid. You can select one or more groups to associate with an access rule or you can apply the rule to everyone.

The Workspace ONE Access service includes a default access policy set that contains basic access policy rules that control access as a whole. The basic access policy rules are initially set up to allow all user access from all network ranges through a web browser or the Workspace ONE application. You can edit the default policy set to create more rules for specific types of devices and to use various types of authentication.

You can also create application-specific access policy rules to manage access to specific web and desktop applications. Application-specific access policy rules can be used to create step-up authentication that requires stronger authentication to more sensitive resources.