I’m attempting to make a Zero Trust application which has policies that allow both users in our organization (by email suffix) as well as contractors (based on specific emails).
I have an application created, and I’ve created two access groups:
- Contractors - Include Emails: [email protected]
- Employees - Include Emails ending in: @organization.com
I then apply these access groups to a policy under our application like below:

| Type | Selector | Value |
| --- | --- | --- |
| Include | Access Group | Contractors, Employees |

I can see the policy is attached to the application. However, while employees can access the protected resource, the contractors cannot. Also, when I attempt to test the policy against the contractor email, I get this error:
Error testing your policy: access.api.error.invalid_user_id
I’m not really sure what to do with this error. The Users tab on the right gives no way to add a user (I think this is just tracking users that have logged in anyway).
Any thoughts on how to have both of these policies work?