Forum Discussion
RyanDM2_175490
Nimbostratus
NimbostratusSession Limit for different users
Currently, there is only one global setting for session time for an access profile. I'd like to know if there is a way that I could set, for example, a session time of 10 hours for AD group "mission ...
Michael_Jenkins
Cirrostratus
CirrostratusWe're doing something like this in our environment. The way I've gotten it to work is by using an iRule that gets called from the during the APM flow (added in the policy editor (VPE)). The iRule you're looking for might look something like this:
when ACCESS_POLICY_AGENT_EVENT {
if { [ACCESS::policy agent_id] eq "setSessionTimeoutAgent" } {
if { [ACCESS::session data get session.ad.last.attr.memberOf] contains "AD_GROUP_NAME" } {
ACCESS::session data set session.inactivity_timeout 10800
}
}
}
I'm not sure how to check for an OTP user since I've yet to do that, but this should help get you started...
