To add a user whose login to Client computers will be allowed only during specific hours/days/dates, outside of which approval (by a trusted user) will be required each time they log in, do the following:
1. Log in to the Management Tool as a user with the administrative User Management permission.
2. Click the Access Management navigation link on the left.
3. On the Access Management page, select the Endpoint Access Control tab, and then click the Add User button in the top right of the page.
4. In the Add User pop-up window that opens, on the General tab, in the User with Restricted Access Rights section at the top, first select the user type in the User Type drop-down list, and then define the following information:
- For an Active Directory user, select the domain name and the user login name.
- For a Local computer user, select the computer name and the user login name.
- For an Ekran System user for secondary authentication, select the user login name.
- For a Linux user, select the user login name.
5. In the Accessed Computer with Installed Client section, select one of the following options:
- For a Linux user or Ekran System user for secondary authentication, to restrict access to all computers, select Any computer in the Computer Type drop-down list.
- For an Active Directory user or Ekran System user for secondary authentication, to restrict access to a specific computer or computer group, select Selected computer in the Computer Type drop-down list, and then select the required domain name and the name of computer / computer group.
- For an Active Directory user, Linux user, or Ekran System user for secondary authentication, to restrict access to computers of the specific Client group, select Computers from Client group in the Computer Type drop-down list, and then select the required Client group.
NOTE: Access will only be restricted for computers with Clients installed on them.
6. In the Users Who Can Approve Access section, select the trusted users (i.e. Approvers) who will be able to process the user's requests for access outside of the specified hours/days/dates (Approvers can process requests either by using the link in the emails they receive, or by way of the Access Requests tab on the Access Management page).
NOTE: For internal users to receive the email requests correctly, make sure that on the User Details tab, on the Editing User page, valid email addresses are specified.
NOTE: By default, if a request is not processed within 30 minutes after it has been submitted, it will automatically expire. These settings can be changed on the System Settings tab, on the Configuration page.
7. On the Restriction Types tab, select the Allow access without approval during work hours option, and define the dates, time (hours), and days of the week during which access to Client computers will be permitted without approval.
8. Click Save.
9. The user is then added to and displayed in the list of users in the grid, and on all subsequent logins, will only be able to log in to the Client computers without approval during the hours/days/dates defined (while if the user attempts to log in to the Client computers outside of the defined hours/days/dates, approval will be required).