This article clarifies why an application displays a lock icon on the End-User Dashboard and cannot be launched by a user. It also explains the actions an administrator can perform to address this behavior.
The following images demonstrate how the application appears on the old and new End-user dashboards:
Old End-user dashboard:
New End-user dashboard:
- Sign-on Policy
- End-User Dashboard
When a user accesses the End-User Dashboard, the system pre-evaluates the sign-on policy rules for the application. If the evaluation results in a denial based on the authentication rule conditions, the application appears as Locked and the user cannot launch it.
To resolve the issue, an administrator must perform the following steps:
-
Review the Sign-on Policy for the affected application.
-
Ensure the user meets the required conditions for access defined in the policy rules.
NOTE: If a rule with Device Token conditions, such as a registered or managed device or device assurance, is configured in the sign-on policy, the lock icon does not appear. This occurs because access to the application may still be permitted during a later stage of the sign-in process.
