- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
05-15-2017 09:30 AM
I have a customer who wants to have administrative control over how many devices each individual user can use. We are using the LocalUser DB and will be doing user-based authentication. I created an attribute on Local User called "permitted device count". How do I reference that as a variable in Enforcement.
Example:
Authentication: Unique Device Count GREATER THAN {%LocalUser:permitted device count} = Deny Access
I've used variables before, but having a hard time with this one.
Thanks.
Michael Haring
ACMP, ACCP, BCNE, CCENT, Palo Alto ACE 7.0
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: LocalUser Attributes as Variables for Enforcement
Re: LocalUser Attributes as Variables for Enforcement
05-15-2017 09:36 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: LocalUser Attributes as Variables for Enforcement
Re: LocalUser Attributes as Variables for Enforcement
05-15-2017 09:38 AM
I have the ability to select it from Name, but need a way to reference the Value configured for each Local User.
Michael Haring
ACMP, ACCP, BCNE, CCENT, Palo Alto ACE 7.0
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
05-15-2017 09:39 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: LocalUser Attributes as Variables for Enforcement
Re: LocalUser Attributes as Variables for Enforcement
05-15-2017 09:53 AM
Tried adding that, but it did not even recognize it. Do I need to make that an Authorization attribute for it to work?
In Access Tracker, under Computed Attributes I see the configured value, but it doesn't appear to be matching or referencing it during the authentication.
I have it currently set to 0, but it allowed me access.
Condition is Greater Than = Deny Access.
Michael Haring
ACMP, ACCP, BCNE, CCENT, Palo Alto ACE 7.0
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: LocalUser Attributes as Variables for Enforcement
Re: LocalUser Attributes as Variables for Enforcement
05-15-2017 09:59 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: LocalUser Attributes as Variables for Enforcement
Re: LocalUser Attributes as Variables for Enforcement
05-15-2017 10:23 AM
I got it working. I utilized the Authorization of unique-device-count and the value is the variable of Permitted Device Count in Local User. Thanks for your help!
Michael Haring
ACMP, ACCP, BCNE, CCENT, Palo Alto ACE 7.0
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator