Occasional Contributor I

Onboard device restriction with exception

Hi

The customer wants to restrict the onboarded device count for all employees to a max of 3, but they also want to extend this policy for VIP users, like 5.

I configured the Onboard provisioning settings max devices as 5. I created a rule like: authorization:endpoint_repository unique device count greater than 3 and authorization groups not equals vipusers [deny application access profile]. I used this rule in the application service. I tested, but users can still onboard more than 3 devices.

How can I create and use exceptional onboard device rules?


Accepted Solutions

Re: Onboard device restriction with exception

You could also try applying the below Max device limit enforcement for the employees in the OnBoard Authorization (application) service. This would restrict the non-VIPs' provisioning limit.

device_limit.jpg

E.g:

 "Authorization:AD Groups Not Equals VIP" apply OnBoard Device limit.


Thank you,
Saravanan



All Replies
Moderator

Re: Onboard device restriction with exception

Exceptions should be done based on users, not devices.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Contributor I

Re: Onboard device restriction with exception

We created 2 provisioning profiles, one containing the 3 limit (standard) and one containing the 5 limit (VIP). All other settings were the same.

In the Onboard pre-auth application service, we created an authorisation check that matched a valid VIP AD group and that resulted in the VIP provisioning profile being assigned, therefore allowing more devices. All other users got the standard profile.

Occasional Contributor I

Re: Onboard device restriction with exception

Thank you Saravanan, it worked :)
