Access Control by User is the most common policy used by customers. It can be used in two ways. 1) To only grant an exclusive group of users to Applications. 2) Restrict access to applications by time/date.
...
title | Senario 1: Users in the 2fa_Access AD security group will have access to OWA, whereas users who are not will be denied access: |
---|
...
border | true |
---|
...
In the Administration Console, the policies can be accessed via either under Shortcuts>Check Policies
or
Administration>Policies
...
width | 60% |
---|
Panel | ||
---|---|---|
| ||
...
border | true |
---|
...
In the Category dropdown, you will see four Access Control policies. Select Access Control.
Click Search
...
width | 60% |
---|
Panel | ||
---|---|---|
| ||
|
...
border | true |
---|
...
A list of Access Control policies will appear underneath, If you have not yet created one then only the default system policy will display.
The default policy allows system-wide access to all applications at any time, by all users.
Do Not Delete or Edit the default system policy. Making any changes to this policy could result in you not being able to access the Administration Console even using the System Admin account.
It is best practice to create two new policies. One to allow access, One to deny access.
Click the Create button on the top right.
...
width | 60% |
---|
Panel | ||
---|---|---|
| ||
Create a new policy that will allow users belonging to a specific AD Group to access OWA
...
border | true |
---|
...
width | 60% |
---|
Panel | ||
---|---|---|
| ||
Create a new policy that will deny access to users in the rest of the domain.
...
border | true |
---|
...
width | 60% |
---|
Panel | ||
---|---|---|
| ||
...
border | true |
---|
Column |
---|
After setting up the policies as above, if an attempt is made to log on to OWA by a domain user who is not a member of the 2a_Access group, access will be denied. |
...
width | 60% |
---|
Panel | ||
---|---|---|
| ||
...
title | Scenario 2: Contractor access restricted by time. |
---|
You may wish to give contractors temporary access to a terminal server.
...
border | true |
---|
...
In the Administration Console, the policies can be accessed via either under Shortcuts>Check Policies
or
Administration>Policies
...
width | 60% |
---|
Panel | ||
---|---|---|
| ||
...
border | true |
---|
...
In the Category dropdown, you will see four Access Control policies. Select Access Control.
Click Search
...
width | 60% |
---|
Panel | ||
---|---|---|
| ||
|
...
border | true |
---|
...
A list of Access Control policies will appear underneath, If you have not yet created one then only the default system policy will display.
The default policy allows system-wide access to all applications at any time, by all users.
or User Group allows you to restrict access to applications by some individual users or a specific user group.
Access Control by User is implemented by creating some appropriate Access Control policies. In this guide, we will describe how to implement an access control system so that all users in a domain are denied access to the DualShield Service Console except users in the group called DualShield 2FA.
Do Not Delete or Edit the default system policy. Making any changes to this policy could result in you not being able to access the Administration Console even using the System Admin account.
It is best practice to create separate policies.
Click the Create button on the top right.
...
width | 60% |
---|
Panel | ||
---|---|---|
| ||
Create a new policy that will grant user access during certain days and times.
...
border | true |
---|
...
Please note that you can specify different times for different days using Time Period 2 and Time Period 3
...
width | 60% |
---|
...
bgColor | #FFFFFF |
---|
...
border | true |
---|
Column |
---|
After setting up the policies as above, if an attempt by a contractor is made to log on outside of the times specified then access will be denied.. |
...
width | 60% |
---|
...
bgColor | #FFFFFF |
---|
...