You can create application-specific policies to manage user access to specific Web and desktop applications.


If you plan to edit the default policy to control user access to the service as a whole, configure it before this policy before creating an application-specific policy.

Add web and desktop applications to the catalog. At least one application must be listed in the Catalog page before you can add an application-specific policy.


  1. In the Workspace ONE Access console Identity & Access Management tab, select Manage > Policies.
  2. Click Add Policy.
  3. Add a policy name and description in the respective text boxes.
  4. In the Applies To section, type the application in the Search text box, and select the applications to associate with this policy.
  5. Click Next.
  6. Click Add Policy Rule to add a rule.
    Option Description
    If a user's network range is Verify that the network range is correct. If adding a rule, select the network range.
    and user accessing content from Select the device type that this rule manages.
    and user belongs to groups If this access rule is going to apply to specific groups, search for the groups in the search box.

    If no group is selected, the access policy rule applies to all users.

    Then perform this action Select Authenticate using....
    then the user may authenticate using Configure the authentication method order. Select the authentication method to apply first.

    To require users to authenticate through two authentication methods, click + and in the drop-down menu select a second authentication method, such as Device Compliance.

    If the preceding method fails or is not applicable, then Do not configure a fallback method.
    Re-authenticate after Select the length of the session, after which users must authenticate again.
  7. Configure additional rules for other devices.
  8. Click Save.