For instructions on creating a CAC policy, refer to Create App Access Control policies.

When a user logs into the cloud and tries to perform an activity covered by the policy (for example, downloading a file), the user will be redirected to a new screen and prompted to log in. After entering the correct login credentials and successful authentication, the user can proceed with the activity. The user can continue with activities on the cloud for as long as the continuous authentication session lasts (as indicated by the session duration you specified in the Management Console). If the policy requires reauthentication at the end of a session, the user must log in again when the session ends.