Performing a policy driven API grant flow

Use the following examples to guide you through API grant types that use access policy.

The following examples use these policy rules.
  • One first factor rule that requires authentication with password when the user's IP address matches the subnet 192.168.1.0/24. If users are not on the corporate network, they must authenticate with fido2.
  • One second factor rule that requires second factor authentication by using emailotp when the user is a member of the group ADMINISTRATORS.
In these examples, both of these conditions match, that is, both are true. These conditions are simplified versions of the following business rules:
  • Users must be on the corporate network to access this application.
  • Administrators must perform MFA when they access this application.
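
The following sketch is an added example, not code from the product or its documentation. It models how the two rules above combine into the sequence of factors that a grant flow must satisfy. The function name `required_factors`, the case-sensitive group match, and the handling of IPv4-mapped IPv6 addresses are assumptions made for illustration.

```python
import ipaddress

# Values taken from the rules described above.
CORPORATE_SUBNET = ipaddress.ip_network("192.168.1.0/24")
ADMIN_GROUP = "ADMINISTRATORS"


def required_factors(client_ip, groups):
    """Return the ordered factors the two rules demand (hypothetical model)."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        # Unparseable address: fail closed and treat the client as off-network.
        addr = None

    # Assumption: a dual-stack listener may report ::ffff:a.b.c.d for an
    # IPv4 client, so compare the embedded IPv4 address instead.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped

    on_corporate = (
        addr is not None and addr.version == 4 and addr in CORPORATE_SUBNET
    )

    # First factor rule: password on the corporate subnet, fido2 otherwise.
    factors = ["password" if on_corporate else "fido2"]

    # Second factor rule: members of ADMINISTRATORS also need emailotp.
    # Assumption: group names are matched case-sensitively.
    if ADMIN_GROUP in groups:
        factors.append("emailotp")
    return factors


if __name__ == "__main__":
    # Constructed sample requests (client IP, group memberships).
    samples = [
        ("192.168.1.57", ["ADMINISTRATORS"]),  # both conditions match
        ("192.168.2.10", ["ADMINISTRATORS"]),  # off the corporate subnet
        ("192.168.1.255", ["staff"]),          # last address in the /24
        ("::ffff:192.168.1.9", []),            # IPv4-mapped IPv6 form
        ("not-an-ip", []),                     # malformed input
    ]
    for ip, groups in samples:
        print(ip, groups, "->", required_factors(ip, groups))
```

The first sample is the case that the examples on this page assume: the subnet condition and the group condition are both true, so the flow requires password followed by emailotp.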