Create and edit access control rules

You create Access control rules to restrict access to an application based on username, group name, time, or other conditions.

The criteria you create in a rule are combined with an AND operator. This means that all conditions are applied to deny access. If you configure multiple rules, the rules are applied with an OR operator to ensure that if any of the conditions in a rule apply, access to an application is denied.

Access control rules are not live until an application is deployed. If you apply access control rules after an application was deployed, you must redeploy the application.

Note: The time-based access control type is available with HTTP/HTTPS applications only.

How to

  1. Log in to the Enterprise Application Access (EAA) Management Portal as an administrator.
  2. From the top menu bar click Applications.
  3. Locate the application card you wish to configure access control rules for.
  4. Click Settings > Services > Access Control > Configure Rules.
    • To create a new rule, click Add Rule.
    • To edit an existing rule, click Edit Rule.
    A modal window appears.
  5. In the Rule Name field, enter a name for the rule and click Create Rule and Configure.
  6. In the Type menu, select one of the following:
    • URL
    • Group
    • User
    • Method
    • Client IP
    • Country
    • Time
  7. In the Operator menu, select either is or is not
  8. In the Value drop-down, enter the value if applicable or select the value for the access control type. For example, if you selected Time as an access control type,
    1. Click the Time(clock) icon to configure the time-based settings.
    2. In the Start Time and End Time fields, enter a time in hh:mm format. Make sure the time you provide is based on a 24-hour clock.
    3. In the time zone menu, select a timezone.
    4. Select the days of the week that you want to deny access.
    5. Click Save.
  9. To add another criterion to the rule, click Add Another Criterion, and repeat steps 9 through 11.
  10. Click Save Rule.
    The rule appears as a card on the Traffic Rules page for the application.
  11. Click Back to Configuration Services, and save these changes.

Next steps

Deploy the application to apply these changes to the application in production.