I recently have a need to setup time-based restriction such that users are unable to log on between 7am to 7pm Mon-Fri. However I tested and found that user logged on before 7am, i.e. 6:59 or before, can last the session after 7am.
May I know if it's a known issue and if there is a workaround on this?
Thank you in advance.
The IVE does not have the capability to do this itself (good idea; can you work with your account team for an enhancement request?).
However, it is possible to do part of this if you are connecting to an LDAP server and have the logon restriction time set there OR another attribute with this data set. You would make sure to query this attribute at logon, meaning make sure it is added to your server catalog, and then it will be checked when users login. Then as part of your role mapping rule, use a custom expression to check for this value and make sure it is an accurate time to allow logon.
It is not possible to terminate a user session at a specific time; however, you can make it not possible to access resources by using detailed rules and using the time value, which will not permit access between the hours you define.
Thanks Zanyterp for your advice. I do think it's a bit interesting to implement this. Will find a way on AD then.