To provide better administrative access control for allowing access to network applications, an authorization framework is extended by dynamically adding administrative access control to the authorization framework. For example, the authorization framework can be extended by adding a plug-in to the authorization framework. The authorization framework manages the access control by generating tokens. For example, a token may be a digital certificate. The tokens define what access control an application, such as a client application has when accessing the network application. The tokens are based on the dynamically added administrative access control. When a request for a token is securely received, the authorization framework generates a token that identifies if the application (e.g., the client application) is allowed or not allowed to access the network application. The token is then used by the application to access the network application.