Skip to main content

Restricting Access to Services Using Authorization Scopes

Learn how to configure a policy and use it for restricting access to scopes. You can both limit who can grant a scope and who can request it.

Restrict Scope Granters with Client Assignment Policies

  1. In your workspace, navigate to Applications > Clients and select a service.

  2. In the Scopes view, find the scope of your interest and select Unrestricted from the Client Assignment column for this particular scope.

  3. In the Scope Governance pop-up window

    1. Select a Client Assignment policy from the drop-down list.

      acp_how-to_scopegrant_policy.png

    2. Select Save to proceed.

      acp_how-to_scopegrant_save.png

    Result: You have restricted who can grant the Email scope.

    acp_how-to_scopegrant_result.png

  1. In your workspace, navigate to Applications > Clients and select a service.

  2. In the Scopes view, find the scope of your interest and select Unrestricted from the Consent Grant column for this particular scope.

    acp_how-to_scopegrant_mail.png

  3. In the Scope Governance pop-up window

    1. Select a Consent Grant policy from the drop-down list.

      acp_how-to_scopegrant_policy.png

    2. Select Save to proceed.

      acp_how-to_scopegrant_save.png

    You have restricted who can request the Email scope.

    acp_how-to_scopegrant_result.png

Test Policies

  1. Log in to a sample application.

    tut_auth_demo_login.png

  2. In the login page, enter user as your username and user as your password.

    tut_auth_app_login.png

  3. In the consent page displayed, verify the scope you restricted with your new policy.

    The scope is not available.

    tut_auth_consent_pg.png