Accessing the cloud service from a desktop, laptop, or an unmanaged device

Conditional rules configured in Access can be used to define which apps and devices can authenticate with the cloud service provider (SP). You can configure a conditional rule to allow an unmanaged app to access the SP. By default, conditional rules are not applied to managed apps using Tunnel and to AppConnect apps using Tunnel or AppTunnel. The default conditional rule can be set to allow, block, or warn apps and devices if conditional rules do not match. If the default conditional rule is set to Allow when all other conditional rules do not match, authentication traffic will be allowed through Access. In this setup, the app will be able to authenticate with the IdP.

Access provides a set of predefined and customizable rules. For more information about conditional rules, see Conditional Access.