Managing network resource permissions for applications using an application catalog

US11006278B2 · US · B2

Patent metadata

Publication number: US-11006278-B2
Application number: US-201514946065-A
Country: US
Kind code: B2
Filing date: Nov 19, 2015
Priority date: Nov 19, 2015
Publication date: May 11, 2021
Grant date: May 11, 2021

Abstract

Official abstract text for this publication.

Disclosed are various examples for managing network resource permissions for applications through the use of an application catalog. A user interface presenting an application catalog is generated that includes a listing of applications that are available to managed client devices in an organization. A selection of a particular application from the application catalog is received from a managed client device. The selection indicates a particular security group of multiple security groups. A network of the organization is configured to provide the particular application on the managed client device with access to a set of resources corresponding to the particular security group.

First claim

Opening claim text (preview).

Therefore, the following is claimed:

1. A non-transitory computer-readable medium embodying at least one program executable in at least one computing device, the at least one program, when executed by the at least one computing device, being configured to cause the at least one computing device to at least: generate a user interface presenting an application catalog that includes a listing of a plurality of applications that are available to managed client devices in an organization; receive, from a managed client device operated by an end user, a selection of a particular application of the plurality of applications from the application catalog, the selection indicating a particular security group of a plurality of security groups; install the particular application on the managed client device in response to the selection; and configure a network of the organization to provide the particular application on the managed client device with access to a virtual segment of the network having access to a set of resources corresponding to the particular security group.
2. The non-transitory computer-readable medium of claim 1, wherein the particular security group is associated with a role of the end user within the organization, and the managed client device is used by the end user.
3. The non-transitory computer-readable medium of claim 1, wherein configuring the network of the organization further comprises configuring a network device to permit routing of network traffic from the particular application executed in the managed client device to the virtual segment of the network through which the set of resources are accessible.
4. The non-transitory computer-readable medium of claim 1, wherein each of the plurality of security groups are associated with a different virtual segment of the network.
5. The non-transitory computer-readable medium of claim 1, wherein another security group of the plurality of security groups corresponds to a different set of resources, and the different set of resources includes at least one resource in common with the set of resources corresponding to the particular security group.
6. The non-transitory computer-readable medium of claim 1, wherein the listing of the plurality of applications included in the application catalog comprises a plurality of instances of the particular application, individual ones of the plurality of instances corresponding respective ones of the plurality of security groups.
7. The non-transitory computer-readable medium of claim 1, wherein the user interface includes a component corresponding to the particular application that facilitates a user selection of the particular security group of the plurality of security groups.
8. The non-transitory computer-readable medium of claim 1, wherein the at least one program, when executed by the at least one computing device, is further configured to cause the at least one computing device to at least: verify that the end user associated with the managed client device is authorized for the particular security group before configuring the network.
9. The non-transitory computer-readable medium of claim 1, wherein the at least one program, when executed by the at least one computing device, is further configured to cause the at least one computing device to at least: send data encoding the user interface to the managed client device.
10. A system, comprising: at least one computing device; and an application catalog service executable by the at least one computing device, the application catalog service configured to cause the at least one computing device to at least: generate a user interface presenting an application catalog that includes a listing of a plurality of applications that are available to managed client devices in an organization; receive, from a managed client device associated with an end user, a selection of a particular application of the plurality of applications from the application catalog, the selection indicating a role of the end user in the organization; install the particular application on the managed client device in response to the selection; and configure a network of the organization to provide the particular application on the managed client device with access to a virtual segment of the network having access to a set of resources corresponding to the role of the end user in the organization.
11. The system of claim 10, wherein the role of the end user in the organization is associated with a particular security group of a plurality of security groups, and the set of resources corresponds to the particular security group.
12. The system of claim 10, wherein the user interface includes, for the particular application, a plurality of selectable components that correspond to a plurality of roles in the organization.
13. The system of claim 10, wherein configuring the network further comprises configuring a network device to permit routing of network traffic from the particular application executed in the managed client device to the virtual segment of the network through which the set of resources are accessible.
14. The system of claim 13, wherein the network device is configured to verify that the managed client device has a credential associated with the virtual segment of the network before routing the network traffic from the particular application to the virtual segment of the network.
15. The system of claim 10, wherein the application catalog service is further configured to cause the at least one computing device to at least: receive a specification of a plurality of sets of resources for the particular application from an administrative user; and generate a respective virtual segment on the network for each set of resources of the plurality of sets of resources.
16. A method, comprising: generating a user interface presenting an application catalog that includes a listing of a plurality of applications that are available to client devices; receiving, from a client device operated by an end user, a selection of a particular application of the plurality of applications from the application catalog, the selection indicating a particular security group of a plurality of security groups; installing the particular application on the client device in response to the selection; and configuring a network to provide the particular application on the client device with access to a virtual segment of the network having access to a set of resources corresponding to the particular security group.
17. The method of claim 16, wherein each security group of the plurality of security groups is associated with a respective selectable component for the particular application in the user interface.
18. The method of claim 16, further comprising: receiving a specification of a plurality of sets of resources for the particular application from another client device associated with an administrative user; and generating a respective virtual segment on the network for each set of resources of the plurality of sets of resources.
19. The method of claim 16, further comprising: storing, in a data store, a record that the client device has requested access for the particular application to the set of resources corresponding to the particular security group.
20. The method of claim 16, further comprising: sending the particular application to the client device in response to the selection.

Classifications

  • Access security · CPC title

  • Grouping of entities · CPC title

  • H04W12/37 · Primary

    Managing security policies for mobile devices or for controlling mobile applications · CPC title

  • G06F8/60 · Primary

    Software deployment · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Airwatch Llc
What technology area does this patent fall under?
Primary CPC classification H04W12/37. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 11, 2021 (B2). Legal status and post-grant events are not shown on this page.