Grant access to specific users or groups

Before you begin

  1. Make sure a directory and identity provider is configured. For more information, see Add a directory and Add an identity provider.
  2. Require authentication to access a blocked website or web application. See Require authentication to access a website or web application.

Complete this procedure to define user and group access to websites and web applications. When you select the block action for access control, you define the users or groups that are exempt from the block action. For more information, see Application visibility and control.

How to

  1. In the Enterprise Center navigation menu, select Policies > Policies.
  2. Go to the policy where you want to grant specific users or groups access to a blocked AUP category.
  3. Click the edit icon.
  4. Click the Access Control tab.
  5. Click the AUP and Shadow IT tab.
  6. Go to the blocked risk level, category, category operation, application, or application operation that you want specific users or groups to access.
  7. To grant access to specific groups:
    1. Click the link icon.
    2. Click the Groups tab.
    3. In the text field, enter the group name. As you enter a group name, a list of groups appear in a drop-down list. This includes imported groups, organizational units (OUs), and any overlay groups that were added to ETP.
      If the group name you provide does not appear in the drop-down list, you can add the group. If you add a group, you must also add the group to the relevant directory for the group to authenticate and gain access.
    4. Select the group or groups from the list.
    5. Click Associate.
  8. To grant access to specific users:
    1. Click the link icon.
    2. Click the Users tab.
    3. In the text field, enter the user’s unique user ID.
      If the user does not exist in the directory associated with the policy identity provider, you can enter a unique ID for the user you want to add and click the add button. This adds the unique ID to the list. You must also add the user to the relevant directory for the user to authenticate and gain access. The user ID that’s provided here is the ID the user enters to authenticate.
      If you need to find a user ID to enter into this field, you can filter activity in the Proxy Activity report (Monitoring > Activity > Proxy Activity) by User ID.
    4. Select the user or users from the list.
    5. Click Associate.
  9. Click Save.

Next steps

Deploy configuration changes