- Grant Access Control case by case
Access Control
With StoneGate SSL VPN, you are not limited to application access, file shares and client-server
applications can be accessed as well.
StoneGate SSL VPN provides granular and flexible access control. Access to certain applications can be granted or denied according to the following parameters. Parameters can be used in combination. Access can also be granted for each application separately.
- Authentication Method
- User Group Membership
- IP Address of Incoming Client
- Client Devices
- User Storage
- Assessment
- Abolishment
- Access Point
-
Identity Provider
-
Access Control in Detail
| Authentication method | Allows access to the resource if the user is authenticated with the defined authentication methods. |
| User group membership
|
Allows access to the resource if the user belongs to a certain user
group. Several user groups can be used in combination, using arguments AND and/or OR.
|
| IP address of incoming client | Allows access to a resource if the incoming client comes from a
specified IP address (or range of IP addresses).
|
| Client devices | Allows access if the user uses a specified device, for example Web or
WAP.
|
| Date, day, and/or time | Allows access to a resource protected by the access rule if the access occurs during a specified time. |
| User storage | Allows access to a resource if the user is stored in a specified user
storage location.
|
|
Assessment
|
Allows or denies access to a resource if the result of a scan of the
client computer matches specified client data requirements.This access rule can be plug-in-based or
customized.
|
|
Abolishment
|
Allows access to a resource if the listener that will be
collecting information about the client is active. When the session ends, abolishment is performed
on the client. Abolishment can be configured to allow the user to decide whether created, changed,
or downloaded files should be deleted or not.
|
|
Access point
|
Allows access to a resource if the request comes through a specified access point. |
| Identity provider
|
Allows access to a resource if the request comes through a specified identity provider. |