cancel
Showing results for 
Search instead for 
Did you mean: 

Exception list for Host Checker

New Contributor

Exception list for Host Checker

I'm about to turn on enforcement for host checker, we are currently having it alert, but we all know people ignore the alerts and when we do turn on enforcement there will be a few people that NEED to sign into VPN, is there a way to make an AD group an exception to host checker? If not, can I have two mirrored realms (with the exact same mappings) for those that need to sign in and are non-compliant?

 

 

Thank you everyone. This forum helps a LOT.

Tags (1)
1 REPLY 1
Highlighted
Moderator

Re: Exception list for Host Checker

AD group exception: short answer, no (see long answer below)
two mirrored realms: short answer, no (see long answer below)

Long answer:
There are a few options available for achieving the end-goal of having a subset of users _always_ having access to login, despite the security posture. Some of the off-the-cuff options are:
custom expressions that map based on the Host Checker result
dual realms - one that has Host Checker required and enforced and one that either has no requirements _or_ set to evaluate only (making sure that the more restrictive is at the top of the list on the URL)
dual roles - one that has Host Checker enforced and one that does not

if you have further questions, please let us know; alternately, you can always open a case with support in the event it is not working the way you want