Restrict OAuth Scopes to Okta Apps using Auth Server Access Policies & Rules

This article describes how you can restrict the use of certain OAuth scopes to certain Okta apps by adding access policies with access rules to the authorization server.

Step 1 β€” Create Auth Server

Go to https://<your-okta-admin-domain>/admin/oauth2/as & create an auth server:

Step 2 β€” Create Access Policy

Open the auth server, go to the Access Policies tab & create a policy for the Okta app for which you want to restrict OAuth scopes:

Step 3 β€” Create Access Rule

Create an access rule within this access policy & mention just the scopes that you want the app to be able to use:

Henceforth, the Okta app won’t be able to use any scopes except the ones listed above.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.