Restrict user from logging according to group and time

Hi~

 

you should be able to do this with the VPE (prelogon editor) and/or Protected Resources/Protected Configurations (Users>Endpoint Security). Create a time Protected Config and attach it to the Resource Group or choose Check Time (preconfig inspector) in Prelogon sequence and name your time. If it's late enough in the check, then you should be able to present a message on the Logon Denied page. Hope that helps.

 

ps

HI, I only want to restrict a group of user not all. Is there any way?

Hi~

 

Are there any other identifiable checks you could make for those who do not have the time restriction? like client cert or machine cert or RegKey or something like that? For instance, you could do a check for client cert (early in the process) knowing only certain (internal employees) folks would pass - then they get to authenticate and access resources. You could then build a fallback path (for those without certs) which could still check AV/FW, etc, along with the Time restriction. That would allow those without restrictions access and the others would have to abide by the time designation. You could also add time restriction to the resource - meaning you might still 'let them in' but limit what resources they have access to depending on the time.

 

 

ps

Hi, no there is no other identifiable checks. I have try protected resources and it show a "blank" page when these users login at specific timing. What i need is an prompt informing that the "blank" page is due to time restriction and not F5 issue.

so that's odd since there should be a red 'System Warning' message at the top of their webtop (FP resource landing page) after they authenticate. If they click on the Warning, it should take them to the default message that they have some restrictions & if I remember correctly, it'll tell them it is due to the time setting.

 

 

ps