Centrestack has the ability to govern the level of access a user will have when connecting to the web portal or launching the windows client when logging in from specific locations.
We can deny or allow access from the internet, a local network or a customer defined IP range
To do this, go to Access Policy from the Tenant Settings, Data Leak Protection, Client Access Policy.
You will be presented with the Access Policy Wizard. Click Add New Access Policy
Give the Access Policy a name, then click Next.
Next you will select an access condition. This is to define where the access is coming from.
You have 4 options
- Access from Internet - The policy will be active for users logging in from the internet.
- Access from Local Network - The policy will be active for users logging in from within the same local network as the Centrestack Server.
- Access from Customer-Defined Network - The policy will be active for users logging in from within the defined IP Range.
- Not Access from Customer-Defined Network - The policy will be active for users logging in from outside of the defined IP Range.
Select an Access Condition, Enter the IP range if requested and click NEXT.
Next, you will set the permission type as well as which applications can be accessed when that permission is set.
Allow Following Checked permission(s) will grant access to the checked modules while Deny following checked permission(s) will deny access to the checked modules.
Select the options you want, then click COMMIT.
Scenario:
Say, for example, we need to deny management access to anyone coming from outside of a defined IP range. We would accomplish this in the following way.
1.
Select Not Access from Customer-Defined Network.
2.
Enter the IP range that you require the user to be coming from and click NEXT.
The access policy will now affect anyone NOT coming from that IP Range
3.
Select Deny following checked permission(s), check the Web Management checkbox, and click COMMIT.
This access policy will now deny management options in the web portal to anyone that is not logging in from the defined IP range.
Comments
0 comments
Please sign in to leave a comment.