With a portal access rule, access to your HelloID instance portal can be secured or limited based on the following conditions:
- Two-factor authentication
- Groups of users
- Location (country)
- Network (IP address / range)
- Time and day of the week (Logon hours)
- Period (between two dates)
- Browser and/or platform
Add a Portal Access Rule
- On the HelloID Administrator Dashboard, navigate to Security > Policies > Portal access rules.
- Click the Add Access Rule button. The Add portal access rule wizard will start.
- The first step of the wizard is to determine which type of access rule you wish to create. Select an option and click Next.
- Permit Access: With this type, you set the rules that a user needs to comply with before getting access to the HelloID portal. The user will only gain access to the portal if they comply with all of the rules.
- Deny Access: With this type, you set the rules to deny a user access. If a user complies with these rules (e.g., originating from a specific country), he or she will not get access.
- On the When accessing tab, you may select the Identity Provider to which these rules apply. For example, you may want to only permit logging in with the Active Directory Federation Services IdP when users are inside of your network.
Choose an option here, if applicable, and click Next.
- On the By people tab, you may apply this access rule to only specific groups of users. If you do not make a selection, then the portal is applied to all users. If you wish to limit the rule's application to certain users, enable the Apply this rule to specific user groups option and select the applicable groups. When finished, click Next.
- On the From Locations tab, you may select one or more countries of origin to which this rule will apply. Users who are accessing the portal from the specified countries will have this rule applied to them. For example, you may want to only allow portal access to users within your own country.
Make a selection as appropriate and click Next.
- On the From Network tab, you may apply this portal access rule to traffic that originates from a specific IP address (192.168.1.1) or IP range (192.168.1.1-192.168.1.254). If you do not specify an IP address or an IP range, then the rule applies to traffic from any IP address. Make a specification here as appropriate and click Next.
- On the At time tab, you may specify a time frame within which this portal access rule is applied. For example, you may want to only permit portal access during regular business hours. Specify the time restrictions as appropriate and click Next.
- On the Between Dates tab, you may specify the date range within which the portal access rule will apply. For example, you may wish to deny portal access during certain holidays or during maintenance windows. Add as many date ranges as you would like and click Next.
- On the Via tab, you may specify the browser or device to which this portal access rule applies. With this, you may allow or deny access to only certain browsers or mobile devices. If you wish to do this, enable the Configure to apply this rule based on the web browser and or device option, and then make a selection. Click Next to continue.
- On the Two-factor tab, you may enable two-factor authentication for accessing your HelloID portal. For example, you may want two-factor authentication enabled for all traffic that does not originate from your organization's network, in order to increase security. If you wish to do this, enable the Activate two-factor option and then select the appropriate options that appear. Click Next to continue.
- On the Rule Name tab, you may override or accept the automatically generated rule name. You may also choose to enable or disable the rule. Click Save to finish.
- The new rule will now be visible in the overview.
Edit or Delete a Portal Access Rule
If you need to make adjustments to a portal access rule, or if a rule is no longer needed, you may edit or delete the rule. On the HelloID Administrator Dashboard, navigate to Security > Policies > Portal Access Rules. Find the rule that you wish to edit or delete, and then click the appropriate link underneath the Actions column.