Using a Sample Policy Script

Admin Portal provides these sample scripts that you can use to indicate specific circumstances for which users cannot launch an application or they need to provide additional authentication details before they can launch the application.

When handling external access, this is defined as users who are logged in from outside of the defined Corporate IP Range (in Settings).

  • Block by AD groups: This script blocks external access to an application for users in a specific Active Directory group.

  • Block by country: This script blocks external access to users not in the specified country. The country is determined from the IP address.

  • Block by role: (requires role specification) This script blocks access to the application for users in a specified role.

  • Block by time: This script blocks access to the application at all times for users logging in outside of the corporate intranet and allows internal access to the application only during business hours as specified in the policy.

  • Require strong auth for unmanaged devices: This script determines if the user is logging in from a mobile device that is known about and enrolled in the Privileged Access Service. If the device is not enrolled in the Privileged Access Service, the user must supply additional authentication details in order to launch the specified application.

  • Using custom user attributes: This script defines how a custom user attribute should be used to launch the specified application. For example, you can define that only users where IsFull_TimeEmployee (the custom user attribute) equals true can launch the application.

  • Starter sample: This script provides an example of what you can do in a policy script.

To use a sample authentication policy script:

  1. From the Apps page in Admin Portal, open an application and go to the Policy tab in the Application Settings dialog box.

  2. Click Load Sample.

  3. Select the desired script and click Load.

The sample script displays in the Script field of the Policy tab. You can then test the script to see the results, or simply save the script and other application settings.