To add a user whose login to Client computers will be allowed only during a specific period of time, outside of which additional approval on login will be required, do the following:
1. Log in to the Management Tool as a user with the administrative User Management permission.
2. Click the Access Management navigation link on the left.
3. On the Access Management page, select the Endpoint Access Control tab, and then click the Add User button in the top right of the page.
4. In the Add User pop-up window that opens, on the General tab, in the User with Restricted Access Rights section at the top, first select the user type in the User Type drop-down list, and then define the following information:
- For an Active Directory user, select the domain name and the user login name.
- For a Local computer user, select the computer name and the user login name.
- For an Ekran System user for secondary authentication, select the user login name.
- For a Linux user, select the user login name.
5. In the Accessed Computer with Installed Client section, select one of the following options:
- For a Linux user or Ekran System user for secondary authentication, to restrict access to any computer, select Any computer in the Computer Type drop-down list.
- For an Active Directory user or Ekran System user for secondary authentication, to restrict access to a specified computer or computer group, select Selected computer in the Computer Type drop-down list, and then select the required domain name and the name of computer / computer group.
- For an Active Directory user, Linux user, or Ekran System user for secondary authentication, to restrict access to computers of the specific Client Group, select Computers from Client group in the Computer Type drop-down list, and then select the required Client group.
NOTE: Access will only be restricted for computers with Clients installed on them.
6. In the Users Who Can Approve Access section, select the trusted users who will be able to process the user's access request outside of the specified time period. Approvers can process requests either by email or on the Access Requests tab on the Access Management page.
NOTE: For internal users to receive the email request correctly, make sure that on the User Details tab, on the Editing User page, valid email addresses are specified.
NOTE: By default, if a request is not processed within 30 minutes after it has been submitted, it will automatically expire. You can change these settings on the System Settings tab on the Configuration page.
7. On the Restriction Types tab, select the Allow access without approval during work hours option and define the dates, days of the week and times during which access to Client computers is permitted without additional approval.
8. Click Save.
9. The user is then added to and displayed in the list of users in the grid. On the next login, they will be able to log in to the Client computers without additional approval only during the defined time period. If the user attempts to log in to the Client computer outside of the defined time period, approval will be required.