Security

Reply
MVP
Posts: 395
Registered: ‎05-09-2013

LocalUser Attributes as Variables for Enforcement

I have a customer who wants to have administrative control over how many devices each individual user can use. We are using the LocalUser DB and will be doing user-based authentication. I created an attribute on Local User called "permitted device count". How do I reference that as a variable in Enforcement. 

 

Example:

Authentication: Unique Device Count GREATER THAN {%LocalUser:permitted device count} = Deny Access

 

I've used variables before, but having a hard time with this one.

 

Thanks.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: LocalUser Attributes as Variables for Enforcement

Do you see it available in the LocalUser namespace in an enforcement policy?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 395
Registered: ‎05-09-2013

Re: LocalUser Attributes as Variables for Enforcement

I have the ability to select it from Name, but need a way to reference the Value configured for each Local User. 


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: LocalUser Attributes as Variables for Enforcement

%{LocalUser:attribute}

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 395
Registered: ‎05-09-2013

Re: LocalUser Attributes as Variables for Enforcement

Tried adding that, but it did not even recognize it. Do I need to make that an Authorization attribute for it to work? 

 

In Access Tracker, under Computed Attributes I see the configured value, but it doesn't appear to be matching or referencing it during the authentication.

 

I have it currently set to 0, but it allowed me access. 

 

Condition is Greater Than = Deny Access.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: LocalUser Attributes as Variables for Enforcement

Try and just use a role map and = to see if you can get it to match.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 395
Registered: ‎05-09-2013

Re: LocalUser Attributes as Variables for Enforcement

I got it working. I utilized the Authorization of unique-device-count and the value is the variable of Permitted Device Count in Local User. Thanks for your help!


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Search Airheads
Showing results for 
Search instead for 
Did you mean: