Home > Community > Technology > Security > LocalUser Attributes as Variables for Enforcement

Security

Reply
Topic Options
MVP MVP
MVP
mharing
Posts: 395
Registered: ‎05-09-2013

LocalUser Attributes as Variables for Enforcement
Options

‎05-15-2017 09:30 AM

I have a customer who wants to have administrative control over how many devices each individual user can use. We are using the LocalUser DB and will be doing user-based authentication. I created an attribute on Local User called "permitted device count". How do I reference that as a variable in Enforcement. 

 

Example:

Authentication: Unique Device Count GREATER THAN {%LocalUser:permitted device count} = Deny Access

 

I've used variables before, but having a hard time with this one.

 

Thanks.


Thank you.
Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Alert a Moderator
Message 1 of 7 (391 Views)
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cappalli
Posts: 8,759
Registered: ‎09-08-2010

Re: LocalUser Attributes as Variables for Enforcement
Options

‎05-15-2017 09:36 AM

Do you see it available in the LocalUser namespace in an enforcement policy?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Alert a Moderator
Message 2 of 7 (387 Views)
Reply
0 Kudos
MVP MVP
MVP
mharing
Posts: 395
Registered: ‎05-09-2013

Re: LocalUser Attributes as Variables for Enforcement
Options

‎05-15-2017 09:38 AM

I have the ability to select it from Name, but need a way to reference the Value configured for each Local User. 


Thank you.
Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Alert a Moderator
Message 3 of 7 (384 Views)
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cappalli
Posts: 8,759
Registered: ‎09-08-2010

Re: LocalUser Attributes as Variables for Enforcement
Options

‎05-15-2017 09:39 AM

%{LocalUser:attribute}

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Alert a Moderator
Message 4 of 7 (377 Views)
Reply
0 Kudos
MVP MVP
MVP
mharing
Posts: 395
Registered: ‎05-09-2013

Re: LocalUser Attributes as Variables for Enforcement
Options

‎05-15-2017 09:53 AM

Tried adding that, but it did not even recognize it. Do I need to make that an Authorization attribute for it to work? 

 

In Access Tracker, under Computed Attributes I see the configured value, but it doesn't appear to be matching or referencing it during the authentication.

 

I have it currently set to 0, but it allowed me access. 

 

Condition is Greater Than = Deny Access.


Thank you.
Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Alert a Moderator
Message 5 of 7 (364 Views)
Reply
0 Kudos
Guru Elite Guru Elite
Guru Elite
cappalli
Posts: 8,759
Registered: ‎09-08-2010

Re: LocalUser Attributes as Variables for Enforcement
Options

‎05-15-2017 09:59 AM

Try and just use a role map and = to see if you can get it to match.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Alert a Moderator
Message 6 of 7 (361 Views)
Reply
0 Kudos
MVP MVP
MVP
mharing
Posts: 395
Registered: ‎05-09-2013

Re: LocalUser Attributes as Variables for Enforcement
Options

‎05-15-2017 10:23 AM

I got it working. I utilized the Authorization of unique-device-count and the value is the variable of Permitted Device Count in Local User. Thanks for your help!


Thank you.
Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Alert a Moderator
Message 7 of 7 (345 Views)
Reply
0 Kudos
Search Airheads
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

© Copyright 2017 Hewlett Packard Enterprise Development LP
Powered by Lithium