If your organization deploys applications that contain sensitive data, you can restrict access to these applications to only MDM-managed devices. You can create application-specific policies to manage user access to specific Web and desktop applications.


To enforce this managed requirement on a selection of applications, you create application-specific policies for these applications. When you create the policy, in the Applies to section, you select the applications to associate with this policy.

In the application-specific policy, create a rule for each device type in your deployment. Select the correct authentication method. However, because unmanaged devices cannot access the application, do not define a fallback authentication method.

If you plan to edit the default policy to control user access to the service as a whole, configure it before this policy before creating an application-specific policy.

Add web and desktop applications to the catalog. At least one application must be listed in the Catalog page before you can add an application-specific policy.


  1. In the Workspace ONE Access console Resources > Policies page, click Add Policy.
  2. Add a policy name and description in the respective text boxes.
  3. In the Applies To section, type the application in the Search text box, and select the applications to associate with this policy.
  4. Click Next.
  5. Click Add Policy Rule to add a rule.
    Option Description
    If a user's network range is Verify that the network range is correct. If adding a rule, select the network range.
    and user accessing content from Select the device type that this rule manages.
    and user belongs to groups If this access rule is going to apply to specific groups, search for the groups in the search box.

    If no group is selected, the access policy rule applies to all users.

    Then perform this action Select Authenticate using....
    then the user may authenticate using Configure the authentication method order. Select the authentication method to apply first.

    To require users to authenticate through two authentication methods, click + and in the drop-down menu select a second authentication method, such as Device Compliance.

    If the preceding method fails or is not applicable, then Do not configure a fallback method.
    Re-authenticate after Select the length of the session, after which users must authenticate again.
  6. Configure additional rules for other devices.
  7. Click Save.