You can create application-specific policies in the Workspace ONE Access console to manage user access to specific Web and desktop applications.


  • Configure the appropriate authentication methods for your deployment.
  • If you plan to edit the default policy (to control user access to the service as a whole), configure it before creating an application-specific policy.
  • Add the web and desktop application to the catalog. At least one application must be listed in the Catalog page before you can add an application-specific policy.

When WS-Fed Web Application (Office 365) clients (VMware Boxer, iOS, and Android native email clients) uses the legacy authentication flow user name and password authentication, you configure client access policies in the Office 365 application from the Catalog page. See the VMware Identity Manager Integration with Office 365 guide.

Note: Access policies are not created for applications that are managed by an Application Source nor for weblinks.


  1. In the Workspace ONE Access console Resources > Policies page, click Add Policy.
  2. Add a policy name and description in the respective text boxes.
  3. In the Applies To section, type the application in the Search text box, and select the applications to associate with this policy.
  4. Click Next.
  5. Click Add Policy Rule to add a rule.
    Option Description
    If a user's network range is Verify that the network range is correct, If adding a rule, select the network range.
    and user accessing content from Select the device type that this rule manages.
    and user belongs to groups If this access rule is going to apply to specific groups, search for the groups in the search box.

    If no group is selected, the access policy rule applies to all users.

    Then perform this action Select Authenticate using....
    then the user may authenticate using Configure the authentication method order. Select the authentication method to apply first.

    To require users to authenticate through two authentication methods, click + and in the drop-down menu select a second authentication method.

    If the preceding methods fails or is not applicable, then Configure fallback authentication methods.
    Re-authenticate after Select the length of the session, after which users must authenticate again.
  6. Configure additional rules, if necessary.
  7. Click Save.