Configure an Authorization Policy
Create an authorization policy for each resource in your enterprise application and define the conditions in which users are allowed or denied access to the resource.
Prerequisite
Enable Authorization Policy. This is a Standard License feature. To learn about these features, see Standard License Tier Features for Oracle Identity Cloud Service.
Note:
Although the Authorization Policy section appears during enterprise application configuration, the ability for App Gateway and Oracle Identity Cloud Service to validate authorization must be turned on for you. If you don't file a Service Request, your App Gateway won't perform authorization verification even though you have configured the Authorization Policy section.
Note:
Authorization policies only work for resources that you protect with the Form or Access Token authentication method in an authentication policy. If your resource is protected with any other authentication method, App Gateway doesn't perform an authorization check when users try to access the resource using a web browser.
Authorization policies define the conditions under which users are allowed or denied access to application resources. When App Gateway intercepts an HTTP request to a resource endpoint, App Gateway verifies whether the enterprise application in Oracle Identity Cloud Service contains authorization policies for the resource. If so, then App Gateway verifies whether the HTTP request matches one of the rules configured to allow or deny access.
/myapp/private/home resource, and configure a deny rule to deny access to this resource for users authenticated by the My External SAML IDP identity provider.
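The two notes above mean that a configured deny rule can silently go unevaluated. The following added example (not Oracle code and not part of the original page) models the described flow and lists resources whose rules App Gateway would never check. The dictionary layout, the function names, the /myapp/private/reports path and the OTHER_METHOD value are assumptions made for illustration.

```python
# Added illustration. The dictionary layout is hypothetical, not an
# Oracle Identity Cloud Service export or API format.
ENFORCING_METHODS = {"Form or Access Token"}  # as written in the note above


def authorization_decision(resource, idp, validation_enabled):
    """Model the flow described above for one browser request.

    Returns "allow", "deny", "no-match", or "not-evaluated" when
    App Gateway would skip the authorization check entirely.
    """
    if not validation_enabled:  # validation was never turned on
        return "not-evaluated"
    if resource["authn_method"] not in ENFORCING_METHODS:
        return "not-evaluated"
    for rule in resource.get("rules", []):  # assumption: first match wins
        if rule["idp"] == idp:
            return rule["effect"]
    return "no-match"  # the page states no default, so none is modelled


def unenforced_policies(resources, validation_enabled):
    """List paths whose configured rules would never be evaluated."""
    return [
        r["path"]
        for r in resources
        if r.get("rules")
        and authorization_decision(r, None, validation_enabled) == "not-evaluated"
    ]


# Constructed sample inventory; the second entry is invented for contrast.
RESOURCES = [
    {"path": "/myapp/private/home", "authn_method": "Form or Access Token",
     "rules": [{"effect": "deny", "idp": "My External SAML IDP"}]},
    {"path": "/myapp/private/reports", "authn_method": "OTHER_METHOD",
     "rules": [{"effect": "deny", "idp": "My External SAML IDP"}]},
]

if __name__ == "__main__":
    print(authorization_decision(RESOURCES[0], "My External SAML IDP", True))
    print(unenforced_policies(RESOURCES, True))
    print(unenforced_policies(RESOURCES, False))
```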