This article provides steps on how to block a group from accessing an application. 

• Management and Monitoring
• Applications

Within Okta Identity Engine (OIE) and Okta Classic, the steps to block a group are the same. Within Okta Classic however, the steps are performed on an app by app basis, while OIE Allows for a single policy to be modified which can then be applied to multiple applications. 

1. Log in to the Admin Console.
2. Navigate to Applications > Applications. 
3. Select the specific application and click Sign On.
4. Scroll to the bottom of the page. 

Okta Classic

1. For Okta Classic, the Sign On policy for the app will be listed.
2. Click Add Rule.
3. Under Who does this rule apply to?, search for the group that needs to be blocked. 
4. Under When all the conditions above are met, sign on to this application is: section, select Denied.
5. Ensure that the Deny Rule is set to priority 1 so it is evaluated first. 

6. This will prevent all users belonging to that group from signing into the specific application. 

Okta Identity Engine (OIE)

1. Click View Policy Details.
2. Click Add Rule.
3. Provide a name for the rule as well as listing the User's group membership.
4. Under THEN Access is set the rule to Denied. 
5. Ensure that the Deny Rule is set to priority 1 so it is evaluated first. 

6. This will prevent all users belonging to that group from signing into the specific application.