Restricting Access to Services Using Authorization Scopes
Learn how to configure a policy and use it to restrict access to scopes. You can limit both who can grant a scope and who can request it.
Restrict Scope Granters with Client Assignment Policies
In your workspace, navigate to Applications > Clients and select a service.
In the Scopes view, find the scope you want to restrict and select Unrestricted in the Client Assignment column for that scope.
In the Scope Governance pop-up window, select a Client Assignment policy from the drop-down list.
Select Save to proceed.
Result: You have restricted who can grant the Email scope.
Restrict Scope Requestors with Consent-Grant Policies
In your workspace, navigate to Applications > Clients and select a service.
In the Scopes view, find the scope you want to restrict and select Unrestricted in the Consent Grant column for that scope.
In the Scope Governance pop-up window, select a Consent Grant policy from the drop-down list.
Select Save to proceed.
Result: You have restricted who can request the Email scope.
Test Policies
Log in to a sample application.
On the login page, enter "user" as your username and "user" as your password.
On the consent page that is displayed, verify the scope you restricted with your new policy.
The scope is not available.