Performing a policy driven API grant flow
Use the following examples to guide you through API grant types that use access policy.
These policies are the policies that are used in the following examples.
- One first factor rule that requires authentication with
password
when the users IP address matches the subnet192.168.1.0/24
. If users are not on the corporate network, they must authenticate withfido2
. - One second factor rule that requires second factor authentication by using
emailotp
. The user is a member of the groupADMINISTRATORS
.
In these examples, both of these conditions match or are true. These conditions are
simplified versions of the business rules:
- Users must be on the corporate network to access this application.
- Administrators must perform MFA when they access this application.