Conditional Access to User Accounts
- 14 Dec 2023
- 2 Minutes to read
- Print
- PDF
Conditional Access to User Accounts
- Updated on 14 Dec 2023
- 2 Minutes to read
- Print
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
With OneID, IT admins can configure specific conditions from the Scalefusion Dashboard. These parameters determine the users' ability to log in to their accounts on the device. To conditionally manage the user login access, following parameters can be enforced:
- Location
- IP Range
- Wifi SSIDs
- Day & Time
To configure,
- In OneID configuration window, navigate to Conditional Access on the left panel.
- Clicking on the + sign will expand and list the parameters.
- Enable the condition by putting the respective toggle to On in front of each setting.
Location
The user will be allowed to login only from the geofences selected here. Select geofence from the drop-down, and they will be displayed in the section below. To remove any geofence from the list, click on the cross next to it. To configure this setting, geofences should be already created on the account otherwise you will not be allowed to enforce location.
Points to Note:
- If you have configured Location API in Device Profile, then that selected API will be considered for location conditional access.
- If no Location API is configured in device profile, Webview2 API will be considered for Location condition check
- If Location is tracked by Webview2 API, then Location condition check is performed post login of user.
If the specified condition is not met, following pop-up will be displayed to the user:
User already logged in 
User Not Logged in
IP Range
Enter the IP ranges and the user(s) will be allowed to login within those specified ranges. To give range, click on Add Range link. This will add a new row below. Here, select Type from IPv4 and IPv6, give start and End IP address. The IT admins can click on the delete icon under Actions if any particular IP range has to be removed. Click on Add range to configure multiple IP ranges. Note: The IP addresses should be valid.
If the specified condition is not met, the following pop-up will be displayed to the user:
User already logged in 
User not logged in
Wi-Fi SSIDs
Enter the Wifi and the user will be allowed to login from the specified Wifi connection. To give Wifi SSID, click on Add Wifi SSID link. This will add a new row below. Enter a valid Wifi SSID. The IT admins can click on the delete icon under Actions if any particular Wifi has to be removed. To add more Wifi SSIDs, keep clicking on Add Wifi SSID link. 
If the conditions are not met, following pop-up will be displayed to the user:
User already logged in
User not logged in
Day & Time
Configure the Time schedule in which user account is allowed to login. Select the following:
- Start Time & End Time
- Timezone: You can either choose to use device's local timezone or select it manually from the drop-down.
- Select Days: Select particular day(s) from Sunday to Saturday
If the conditions are not met, following pop-up will be displayed to the user:
User not logged in
User not logged in
- Auto Logoff/Force Restart if violation detected: If this checkbox is selected, the system will automatically log off if there is a violation (condition is not met).
- For any condition, if there are multiple entries (for eg. multiple IP Ranges) and even if one of them is fulfilled, it will not be considered as violation.
- If one or more parameters in conditional access are configured, and even if one is not fulfilled, it will be considered as a violation and user will not be able to login on the machine.
Was this article helpful?
