In the Five-Step Methodology of Zero Trust, application access and user access are defined in Step 3: Architect a Zero Trust Network. This step involves designing the network architecture to enforce Zero Trust principles, which include defining and segmenting the network, specifying access controls, and ensuring that only authenticated and authorized users and devices can access the necessary applications and data. This step is critical for establishing a secure and resilient network that adheres to the Zero Trust model.