Protecting scopes with access policies

Prerequisites

If you have not installed ACP yet, follow the Installing ACP instructions first.

Create a policy

  1. Log in to Administrator Portal with your username and password.

  2. Select Policies from the left sidebar.

  3. Select Create policy from the Policies view.

  4. In the Create Policy popup window:

    1. Select Cloudentity as Policy type.

      Policy types

      The other type of policy that you can create in ACP is OPA. For instructions on how to create OPA policies, see Protecting applications and APIs in ACP using OPA.

    2. Specify Policy Name and Display Name.

    3. Select Create.

Result

The ACP policy builder opens.

Add a validator

  1. In the policy builder, select the + sign to add a validator.

  2. In the Add new validator fly-out view, enter the name of the validator you want into the search field, then proceed to the validator setup.

  3. In the validator view, set up the validator by adding and configuring its fields.

  4. When all the fields are ready, confirm the validator setup and select Save to finalize your new policy.

    Result

    Your newly created policy is available in the Policies view.

Configure scopes

  1. Go to Services from the left sidebar.

  2. Select Profile from the scopes listed in the Service dashboard.

  3. Select one of the scopes available from the Profile service and open it for editing.

  4. In the Edit Scope popup window, specify Scope Requested Policy and Client Assignment Policy by selecting your new policy from the dropdown lists for both fields.

  5. Select Update to save the changes.

Test policies

  1. Log in to a sample application.

  2. In the login page, enter user as your username and user as your password.

  3. On the consent page that is displayed, check for the scope you restricted with your new policy.

    Result

    The scope is not available.