Conditional Access to User Accounts
  • 18 Jun 2024
  • 2 Minutes to read
  • PDF

Conditional Access to User Accounts

  • PDF

Article summary

With Keycard, IT admins can configure specific conditions from the Scalefusion Dashboard. These parameters determine the users' ability to log in to their accounts on the device. To conditionally manage the user login access, following parameters can be enforced: 

  • Location
  • IP Range
  • Wifi SSIDs
  • Day & Time

To configure,

  1. In Keycard configuration window, navigate to Conditional Access on the left panel.
  2. Clicking on the + sign will expand and list the parameters.
  3. Enable the condition by putting the respective toggle to On in front of each setting.

Location

The user will be allowed to login only from the geofences selected here. Select geofence from the drop-down, and they will be displayed in the section below. To remove any geofence from the list, click on the cross next to it. To configure this setting, geofences should be already created on the account otherwise you will not be allowed to enforce location.

Points to Note:
  1. If you have configured Location API in Device Profile, then that selected API will be considered for location conditional access.
  2. If no Location API is configured in device profile, Webview2 API will be considered for Location condition check
  3. If Location is tracked by Webview2 API, then Location condition check is performed post login of user.


If the specified condition is not met, following pop-up will be displayed to the user:


User already logged in User Not Logged in 

 IP Range

Enter the IP ranges and the user(s) will be allowed to login within those specified ranges. To give range, click on Add Range link. This will add a new row below. Here, select Type from IPv4 and IPv6, give start and End IP address. The IT admins can click on the delete icon under Actions if any particular IP range has to be removed. Click on Add range to configure multiple IP ranges. Note: The IP addresses should be valid.

If the specified condition is not met, the following pop-up will be displayed to the user:
User already logged in User not logged in 

Wi-Fi SSIDs

Enter the Wifi and the user will be allowed to login from the specified Wifi connection. To give Wifi SSID, click on Add Wifi SSID link. This will add a new row below. Enter a valid Wifi SSID. The IT admins can click on the delete icon under Actions if any particular Wifi has to be removed. To add more Wifi SSIDs, keep clicking on Add Wifi SSID link.  
If the conditions are not met, following pop-up will be displayed to the user:

User already logged in

 

User not logged in

 


 

Day & Time 

Configure the Time schedule in which user account is allowed to login. Select the following:

  1. Start Time & End Time
  2. Timezone: You can either choose to use device's local timezone or select it manually from the drop-down. 
  3. Select Days: Select particular day(s) from Sunday to Saturday
    If the conditions are not met, following pop-up will be displayed to the user:
    User not logged in

     

    User not logged in

     


     

     

  • Auto Logoff/Force Restart if violation detected: If this checkbox is selected, the system will automatically log off if there is a violation (condition is not met).
     
  • For any condition, if there are multiple entries (for eg. multiple IP Ranges) and even if one of them is fulfilled, it will not be considered as violation. 
  • If one or more parameters in conditional access are configured, and even if one is not fulfilled, it will be considered as a violation and user will not be able to login on the machine.

Was this article helpful?

What's Next