Set Times Authenticated Users can Access the Secure Network

Specify or restrict what days and times authenticated users can log in to access resources on your secure network by setting up Access Windows.

For example, you can use Access windows to:

  • Allow one-time access for a vendor
  • Restrict access to a resource except during defined maintenance windows.
Supported Versions

2.2.10 and later Conductor

Required Role
System and network administrators
Note: If a person is a member of multiple people groups with different Access windows, their session length will be either the longest available window, or the session length (which defaults to 24 hours), whichever is shorter. Multiple authentication tags will end according to the expiration you set (if any) for each Access window.

Set Access Windows (v3.1.0 and later)

  1. Log in to the Conductor as a system or network administrator.
  2. Create or open the people group for which you want to control access. (To create a group, see Set up a People Group.)
  3. Open the Airwall agent authentication tab.
  4. Select Edit Edit icon - pencil, then select Add access window.
  5. For Type, select the type of window you want to create:
    • Weekly – Specify days of the week.
    • Monthly – Specify dates each month. For example, the 1st and 15th.
    • Monthly day – Specify a day each month. For example, the 2nd Tuesday of the month.
    • Date range – Specify a range of dates. You can use Date range to give someone one-time access to resources.
  6. For Blocked, leave clear to allow access, or check to block access for the specified window.
    Note: If you set overlapping Allowed and Blocked Access windows for a People group, access will always be blocked during the overlapping times and removes authentication tags. However, if a person is in another People group that gives them access during that time, it does not block their access through the other People group's Access window.
  7. Under Window, choose the options for your chosen Access window type.

    For example, for a Weekly Access window, you enter the days and time on those days to grant or block access. This Weekly Access window blocks access on the weekends:

    People group Airwall agent authentication tab showing blocking access on weekends

  8. Under Time zone, assign a Time zone for this People group's access windows. You can set different time zones for different People group's Access Windows.
  9. To add more Access Windows for the group, select Add access window and repeat.
  10. Select Save.
  11. If you want to manage trust for this People group using tags, under Authentication tags, enter the tags you want to use to manage trust.
    Note: Make sure the tags you create are not being used elsewhere in the Conductor, as manually-added tags are also removed if they are the same as these conditional tags.
    Note: The Conductor adds the Authentication tags you’ve created for a people group to the person’s Airwall Agent when they authenticate, and removes the tags when they log out. You can see the authentication tags on a person’s Airwall Agent page under Tags. Combined with smart device groups, you can use these tags to dynamically create trust. See Managing devices dynamically with Smart Device Groups.

Set Access Windows (v3.0.3 and earlier)

  1. Log in to the Conductor as a system or network administrator.
  2. Create or open the people group for which you want to control access. (To create a group, see Set up a People Group.)
  3. Open the Airwall agent authentication tab.
  4. Select Edit Edit icon - pencil, then select the plus sign (+) to add an Access window.
  5. For Blocked, leave clear to allow access, or check to block access for the specified window.
    Note: If you set overlapping Allowed and Blocked Access windows for a People group, access will always be blocked during the overlapping times and removes authentication tags. However, if a person is in another People group that gives them access during that time, it does not block their access through the other People group's Access window.
  6. For Type, select the type of window you want to create:
    • Weekly – Specify days of the week.
    • Monthly – Specify dates each month. For example, the 1st and 15th.
    • Monthly day – Specify a day each month. For example, the 2nd Tuesday of the month.
    • Date range – Specify a range of dates. You can use Date range to give someone one-time access to resources.
  7. Under Window, choose the options for your chosen Access window type.

    For example, for a Weekly Access window, you enter the days and time on those days to grant or block access. This Weekly Access window blocks access on the weekends:

    People group Airwall agent authentication tab showing blocking access on weekends

  8. Select the plus sign (+) to add more Access Windows for the group. Select the binoculars Close edit icon (binoculars) to leave editing mode.
  9. Under Time zone, assign a Time zone for this People group's access windows. You can set different time zones for different People group's Access Windows.
  10. If you want to manage trust for this People group using tags, under Authentication tags, enter the tags you want to use to manage trust.
    Note: Make sure the tags you create are not being used elsewhere in the Conductor, as manually-added tags are also removed if they are the same as these conditional tags.
    Note: The Conductor adds the Authentication tags you’ve created for a people group to the person’s Airwall Agent when they authenticate, and removes the tags when they log out. You can see the authentication tags on a person’s Airwall Agent page under Tags. Combined with smart device groups, you can use these tags to dynamically create trust. See Managing devices dynamically with Smart Device Groups.
  11. If you are creating a new People group, select Create. If you are editing an existing group, select Save.