Access policies can be used to establish trust between users, devices, and apps in the Workspace ONE environment. Access policies consist of rules that specify criteria that users must meet to sign in to their apps portal and use their resources. Administrators configure features such as mobile single sign-on, conditional access to applications based on enrollment, compliance status, multi-factor authentication, and step-up authentication.

Policy rules map the requesting IP address to network ranges and designate the most suitable authentication experience for different type of devices. The rule defines the authentication methods and the number of hours the authentication is valid. You can select one or more groups to associate with an access rule or you can apply the rule to everyone.

The Workspace ONE Access service includes a default access policy set that contains basic access policy rules that control access as a whole. The basic access policy rules are initially set up to allow all user access from all network ranges through a web browser or the Workspace ONE Intelligent Hub app. You can edit the default policy set to create more rules for specific types of devices and to use various types of authentication.

You can also create application-specific access policy rules to manage access to specific web and desktop applications. Application-specific access policy rules can be used to create step-up authentication that requires stronger authentication to more sensitive resources.