To provide secure access to SaaS applications, you configure access policies. Access policies include rules that specify criteria that must be met to sign in to the Workspace ONE portal and to use applications.

For details about access policies in the Workspace ONE UEM system, see the Workspace ONE Access documentation and search for Managing Access Policies.

Flexibility of Access Policies

Access policies let you apply lenient controls inside the company network and restrict access from outside it. For example, you can configure one access policy with the following rules.

  • Allow single sign-on access for a network range within the company network.
  • Configure the same policy to require multi-factor authentication (MFA) when off the company network.
  • Configure the policy to allow access to a specific user group with a specific device-ownership type. The policy can block access for users who are not in the group.
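
The three rules above, modelled as an added example; this is not VMware code and not the Workspace ONE policy format. It assumes rules are evaluated top-down with the first match winning and access blocked when nothing matches, and the `Rule` and `Request` types, the `Sales` group, the `corporate` ownership value and the 10.0.0.0/8 range are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed values: stand-ins for a company range and "everywhere".
CORP_RANGE = ipaddress.ip_network("10.0.0.0/8")
ANY_RANGE = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    network: ipaddress.IPv4Network
    auth: str                        # "sso" or "mfa"
    group: Optional[str] = None      # None = any user group
    ownership: Optional[str] = None  # None = any device-ownership type

@dataclass(frozen=True)
class Request:
    source_ip: str
    groups: frozenset
    ownership: str

# One policy carrying all three rules. Attaching the group and ownership
# restriction to the off-network rule is an assumption of this model.
POLICY = [
    Rule(CORP_RANGE, "sso"),
    Rule(ANY_RANGE, "mfa", group="Sales", ownership="corporate"),
]

def evaluate(policy, req):
    """Return the auth requirement of the first matching rule, or 'deny'."""
    ip = ipaddress.ip_address(req.source_ip)
    for rule in policy:
        if ip not in rule.network:
            continue
        if rule.group is not None and rule.group not in req.groups:
            continue
        if rule.ownership is not None and rule.ownership != req.ownership:
            continue
        return rule.auth
    return "deny"  # nothing matched: access is blocked

if __name__ == "__main__":
    samples = [  # constructed requests
        Request("10.1.2.3", frozenset({"Engineering"}), "personal"),
        Request("203.0.113.7", frozenset({"Sales"}), "corporate"),
        Request("203.0.113.7", frozenset({"Engineering"}), "corporate"),
    ]
    for s in samples:
        print(s.source_ip, sorted(s.groups), s.ownership, "->", evaluate(POLICY, s))
```

In this model, swapping the two rules makes an on-network Sales user on a corporate device hit the MFA rule first, so rule order is worth reviewing whenever a broad network range is involved.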

Default Access Policy and Application-Specific Access Policies

Default Access Policy - The Workspace ONE Access service and the Workspace ONE UEM console include a default policy that controls access to SaaS applications as a whole. This policy allows access to all network ranges, from all device types, for all users. You can edit the default access policy but you cannot delete it.

Important: Edits to the default access policy apply to all applications and can impact all users' ability to access Workspace ONE.