
Group-based application access in user portal

SecureAuth CIAM lets you control which applications users see in the User Portal based on their group membership. Use group-based access to secure sensitive apps and simplify the user experience. For example, IT Admins can access admin tools, while Employees see only business apps. This targeted visibility helps protect resources and simplifies application visibility management in the portal.

Before you begin

  • Make sure you have an Identity Pool set up with defined groups

  • When creating an authorization policy, you must select an Identity Pool and a group within that pool

  • Set up your applications in the Applications section of SecureAuth CIAM

Create an authorization policy

Authorization policies define who can access which applications. These policies control application visibility in the User Portal based on group membership.

For example, if you have two groups — IT Admins and Employees — you can create group-specific policies to control which organization applications are visible to users in each group.

To create a group-specific policy:

  1. Select a Workspace.

  2. Go to Authorization > Policies, then click + CREATE POLICY.

  3. On the Create Policy form, configure the following fields:

    Policy Type

    Set to User.

    This applies the policy based on user identity and group membership.

    Policy Name

    Enter a name that identifies the group.

    For example, IT Admins or Employees.

    Policy ID

    Automatically generated. Edit if needed to follow your naming conventions.

    Policy Language

    Select SecureAuth to use the visual editor or JSON/YAML format.

  4. Click Create.

    Result: The policy flow page displays.


Build the policy flow

  1. Delete the default Fail validator.

  2. Select + ADD VALIDATOR, then choose Conditional.


  3. In the IF branch:

    1. Select + ADD VALIDATOR and choose Group Membership.

    2. Select the identity pool and the group (for example, IT Admins).

  4. In the THEN branch, add a Pass validator.

  5. Verify that the ELSE branch contains a Fail validator.

  6. Save your changes.

Repeat the process to create a policy for each group you want to target.

Assign policies to applications

  1. Go to Applications > Clients.

  2. Select an application, then select the Access Control tab.

  3. In User policy, select the policy that defines which group of users can access the application.


Repeat the process for each application that you want to restrict to a specific group. The following examples show applications with user policies for IT Admins and Employees.

Figure: Application with user policy for IT Admins

Figure: Application with user policy for Employees

Group-based views in the user portal

Once assigned, policies control what applications users see in the User Portal. Employees won't see IT tools. Admins won't see apps they don't need. This setup:

  • Reduces clutter in the User Portal

  • Prevents unauthorized access

  • Makes navigation faster for users

Figure: User portal access for IT Admins

Figure: User portal access for Employees
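The flow built above (IF Group Membership, THEN Pass, ELSE Fail) and the per-application policy assignment can be modelled to review a planned rollout for gaps. This is an added example, not SecureAuth code or its policy format; the class, the policy IDs, the pool name and the application names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class GroupPolicy:
    """Model of one flow: IF Group Membership THEN Pass ELSE <else_branch>."""
    pool: str
    group: str
    else_branch: str = "fail"

    def allows(self, user_pool, user_groups):
        if user_pool == self.pool and self.group in user_groups:
            return True                      # THEN branch: Pass
        return self.else_branch == "pass"    # ELSE branch: should be Fail

# Constructed sample data (hypothetical IDs, not exported from SecureAuth CIAM).
POLICIES = {
    "it-admins": GroupPolicy("corp-pool", "IT Admins"),
    "employees": GroupPolicy("corp-pool", "Employees"),
    "contractors": GroupPolicy("corp-pool", "Contractors", else_branch="pass"),
}
ASSIGNMENTS = {            # application -> user policy ID (None = nothing assigned)
    "admin-console": "it-admins",
    "hr-portal": "employees",
    "vendor-tool": "contractors",
    "legacy-wiki": None,
}

def visible_apps(user_pool, user_groups, assignments=ASSIGNMENTS, policies=POLICIES):
    """Apps whose assigned policy passes for this user; unassigned apps are left to audit()."""
    return sorted(app for app, pid in assignments.items()
                  if pid in policies and policies[pid].allows(user_pool, user_groups))

def audit(assignments=ASSIGNMENTS, policies=POLICIES):
    """Flag configuration gaps that would defeat group-based restriction."""
    findings = []
    for app, pid in sorted(assignments.items()):
        if pid is None:
            findings.append(f"{app}: no user policy assigned")
        elif pid not in policies:
            findings.append(f"{app}: unknown policy {pid}")
        elif policies[pid].else_branch != "fail":
            findings.append(f"{app}: policy {pid} ELSE branch is not Fail")
    return findings

if __name__ == "__main__":
    print(visible_apps("corp-pool", {"IT Admins"}))
    print(visible_apps("corp-pool", {"Employees"}))
    print(*audit(), sep="\n")
```

In the sample data, `vendor-tool` shows up for every user because its policy's ELSE branch passes, which is the misconfiguration that step 5 of the flow procedure guards against.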