With an application access rule, access to individual applications can be secured or limited based on the following conditions:
- Two-factor authentication
- Groups of users
- Location (country)
- Network (IP address / range)
- Time and day of the week (Logon hours)
- Period (between two dates)
- Browser and/or platform
Add an Application Access Rule
- On the HelloID Administrator Dashboard, navigate to Security > Policies > Application Access Rules.
- Click the Add Access Rule button. The Add application access rule wizard will start.
- The first step of the wizard is to determine which type of access rule you wish to create. Select an option and click Next.
- Permit Access: With this type, you set the rules that a user needs to comply with before getting access to the HelloID portal. The user will only gain access to the portal if they comply with all of the rules.
- Deny Access: With this type, you set the rules to deny a user access. If a user complies with these rules (e.g., originating from a specific country), he or she will not get access.
- On the When accessing tab, you may select the application(s) to which these rules apply. For example, you may want to only permit logging into Github during normal work hours.
Choose one or more applications and click Next.
- On the By people tab, you may apply this access rule to only specific groups of users. If you do not make a selection, then the rule is applied to all users. If you wish to limit the rule's application to certain users, enable the Apply this rule to specific user groups option and select the applicable groups. When finished, click Next.
- On the From Locations tab, you may select one or more countries of origin to which this rule will apply. Users who are accessing HelloID from the specified countries will have this rule applied to them. For example, you may want to only allow an application to be accessed by users within a particular country, and not others.
Make a selection as appropriate and click Next.
- On the From Network tab, you may apply this rule to traffic that originates from a specific IP address (192.168.1.1) or IP range (192.168.1.1-192.168.1.254). If you do not specify an IP address or an IP range, then the rule applies to traffic from any IP address. Make a specification here as appropriate and click Next.
- On the At time tab, you may specify a time frame within which the specified applications are accessible or not. For example, you may want to only allow an application to be used during regular business hours. Specify the time restrictions as appropriate and click Next.
- On the Between Dates tab, you may specify the date range within which access to the applications will be allowed or denied. For example, you may wish to deny access to an application during certain holidays or during maintenance windows. Add as many date ranges as you would like and click Next.
- On the Via tab, you may specify the browser or device to which this access rule applies. With this, you may allow or deny access to an application based on browser or mobile devices. This is useful in cases where an application is only compatible with certain browsers. If you wish to do this, enable the Configure to apply this rule based on the web browser and or device option, and then make a selection. Click Next to continue.
- On the Two-factor tab, you may enable two-factor authentication for accessing the specified applications. For example, you may want two-factor authentication enabled for all traffic that does not originate from your organization's network, in order to increase security. If you wish to do this, enable the Activate two-factor option and then select the appropriate options that appear. Click Next to continue.
- On the Rule Name tab, you may override or accept the automatically generated rule name. In this example, we have used a custom name. You may also choose to enable or disable the rule. Click Save to finish.
- The new rule will now be visible in the overview.
Edit or Delete a Portal Access Rule
If you need to make adjustments to a an access rule, or if a rule is no longer needed, you may edit or delete the rule. On the HelloID Administrator Dashboard, navigate to Security > Policies > Application Access Rules. Find the rule that you wish to edit or delete, and then click the appropriate link underneath the Actions column.