User profiles or policies can be defined for a user or a user group. You may create multiple policies depending on the level of access you wish to grant. For example, you may want to set up restricted location-based access for remote users or restrict external users from accessing assets outside their working hours. This section will help you define required user access policies.

The system provides a Default User Access Policy which is applied to all new users added to the system via automated discovery via Active Directory or when added manually. You can update any policy type as a Default Policy.

Understanding policy parameters

The below table provides details about setting up policies for a user or a group of users while logging into the system and accessing functionalities of the system. Policies can be based on a combination of parameters or just individual parameters. At any point only one policy can be enforced for a user.

Parameter

Description

Configuration

Restriction

Use this setting when you would like to restrict user access to the system on a specific day.

  • One Time

  • Week basis

  • Day basis

  • Month basis

Schedule time

Restriction to be applied based on time of the day. If you want to restrict a user to access any password or session using the solution between a certain time, this policy must be activated.

  • Any

  • Specific time

IP segment

Select this option to enable restrictions based on IP Segments. You can add more IP Segments from here.

  • Any

  • Specific time

Session

Use this configuration to disable session recordings for users, disable live viewing of sessions, disable session termination, disable live view, disable session metadata or disable session collaboration with other users.

By default, all configurations are enabled for this section.

  • Session recording

  • Live view

  • Session terminates

  • Session collaboration

  • Session metadata

Max session duration

Enabling this feature will set a max session duration limit for all sessions initiated by the user.

  • Days, Hours, Minutes

MFA type

Select this section to apply default Multi-Factor Authentication type. You can configure MFA in the system here.

  • App OTP

  • SMS OTP
  • Email OTP
  • Vasco Token
  • RSA SecureID
  • Okta OTP/ Push
  • OneLogin OTP/ Push
  • Duo/ Push
  • Generic RADIUS
  • Google Authenticator
  • Microsoft Authenticator
  • FIDO2

Concurrency

You can set default concurrency of user login with this option.

  • 1-99 concurrent user logins

Authentication

Use this configuration to make the authentication easier and faster. Enforce MFA for every new session, to route access via a designated jump server and allow RDP direct  

  • Adaptive authentication

  • Enforce MFA for New Session

  • Enforce access via jump server

  • RDP redirect

Session Banner

This configuration is used to display a message when you take a session

  • Text

Access Request Scope

Use this setting when you would like to restrict the accounts only to mapped accounts when requesting for Access via workflow

  • All Accounts

  • As per Active Mapping

  • As per Active Mapping (Named Accounts)

Adding a new policy

You can add a new policy by navigating to the "Policies" tab on the navigation bar at the top. You can then select 'User Access Policy' from the sidebar. Policies can be based on time-based restrictions, schedule, location, IP Address, session duration, etc.

Editing an existing policy

 To edit any existing policy parameters, select the policy name and edit the desired parameter. The system by default installs a default policy. This can be toggled to update policy from the User Access Policy Page and updating the Default policy flag.

Providing access permissions

You can define clipboard and file sharing permission based on an access type and user access policy. For example, if you want to allow only internal users to copy files on an RDP session and restrict copy file permission for external, apply respective permissions for each user based on a policy. To apply access permission for a user policy, follow the steps below:

  • Navigate to the policy option and select the user access policy from the sidebar.

  • Select the policy on which you want permissions and click on theicon.

  • A new page will appear in front of you with available access types configured in the system. Select the access permission list as Allow File Download, Allow File Upload, Allow Clipboard, and Disable Access for respective access type.

  • Click on to the save button and your policy will have those access permissions you checked on.

Setting default policy

You can set the policy as default by just clicking on any of the 'set as default' option which will automatically convert it into a default policy.

Viewing linked users

You can check the list of users that have been assigned a particular policy. This highlight will help you to get a consolidated view of users with the same policy. In addition to this, you will get information such as the Authentication Type, Department, Manager, and Status of the user.

To view the list of linked users, follow the steps below:

  • Navigate to the policy option and select the user access policy from the sidebar.
  • Select the policy on which you want permissions and click on the  icon.
  • Click on the Linked Users option from the drop-down list.
  • A new page will appear in front of you with a list of users linked with the policy.