To provide secure access to the Workspace ONE portal and to launch applications, you configure access policies. Access policies consist of rules that specify criteria that users must meet to sign in to their apps portal and to use their resources.

Access policies allow administrators to configure features such as mobile single sign-on, conditional access to applications based on enrollment and compliance status, multi-factor authentication, and step-up authentication.

Policy rules map the requesting IP address to network ranges and designate the type of devices that users can use to sign in. The rule defines the authentication methods and the number of hours the authentication is valid. You can select one or more groups to associate with an access rule or you can apply the rule to everyone.

The VMware Identity Manager service includes a default access policy set that contains basic access policy rules that control access as a whole. The basic access policy rules are initially set up to allow all user access from all network ranges through a web browser or the Workspace ONE application. You can edit the default policy set to create more rules for specific types of devices and to use various types of authentication.

You can also create application-specific access policy rules to manage access to specific web and desktop applications. Application-specific access policy rules can be used to create step-up authentication that requires stronger authentication to more sensitive resources.