Temporarily Restrict Access to an Application in Okta Classic Engine
Apr 7, 2026
Administration
Okta Classic Engine
Overview
This article describes how to temporarily restrict access to an assigned application for specific users in Okta Classic environments.
Applies To
- Okta Classic Engine
- Applications
- App Sign-on rule
- Deny Access
Solution
To temporarily restrict access, follow the steps below:
- In the Okta Admin Console, navigate to Applications > Applications.
- Click the specific application that will be restricted for some users.
- Navigate to the Sign On tab of the application and scroll down to the Sign On Policy section.
- Select Add Rule and select The following groups and users in the People section.
- Choose the users or user group that will be restricted from logging in to the app.
- Scroll down and locate the When all the conditions above are met, sign on to this application is option and choose Denied.
- Save the rule and drag it to the top of the priority list. If a user logs in and matches the rule, they will now be denied. If a user does not match the rule, the next rule in the list will be evaluated.
- When there is no longer a need to deny access, the rule can be removed.
