Access Groups allow you to define a set of users to which an application policy can be applied. You can reuse Access groups to quickly create policies that apply to the same set of users.
For example, suppose you have an internal application secured behind Access. You want to restrict permissions to that application to only the engineering team. You can configure an Access Group to only include members of your engineering team by individually adding their email addresses or adding groups from your IdP. You can also create a group based on IP ranges, which is an effective way to manage IP whitelisting in one place.
Access Groups also enable quick policy reuse by allowing you to create new policies that apply to groups you define once.
Access Group Membership Rules are the criteria to determine whether a user is a member of a particular group.
Membership Rule Types define the criteria to include or exclude a team member from an Access Group.
Everyonefilter if you want allow, deny or bypass access to everyone.
Rules for Access Groups follow the same logic as rules for Access Policies.
We recommend using Access Groups to define any IP address-based rules that you configure in any policies. Keeping IP addresses in one place allows you to modify or remove addresses once, rather than in each policy, reducing the potential for something to be missed.
If you are adding more than one IP address or range to an Access Group, be sure to use an Include rule, otherwise the policy that uses that Access Group will attempt to require traffic to originate from all ranges.