Enforcing Combination Zero Trust Access Policies Help


I’m attempting to make a Zero Trust application which has policies that allow both users in our organization (by email suffix), as well as contractors (based on specific emails).

I have an application created, and I’ve created two access groups:

  1. Contractors - Include Emails: [email protected]
  2. Employees - Include Emails ending in: @organization.com

I then apply these access groups to a policy under our application like below:

Type     Selector      Value
Include  Access Group  Contractors, Employees

I can see the policy is attached to the application. However, while employees can access the protected resource, the contractors cannot. Also, when I attempt to test the policy against the contractor email, I get this error:

Error testing your policy: access.api.error.invalid_user_id

I’m not really sure what to do with this error. The Users tab on the right gives no way to add a user (I think this is just tracking users that have logged in anyway).

Any thoughts on how to have both of these policies work?
