Im trying to follow this article
But I cant seem to figure it out.
I dont want to restrict all users
I would like to set up restrictions for Non-Exempt employees so they cannot authenticate after a certain time.
I have a windows security group (Non-exempt Employees) that I have added those users to.
Im lost on how to add this to an exsisting realm.
Currently we have a VPN users group with everyone in it and assing a role and NO time constraints
I made a custom expression with the group and the hours,
If matches the "during hours" expression then they get the role assigned . If matches "after hours" expression they get no role assigned.
e.g.: groups = ('VPN_Exemptusers') AND loginTime != (7:00AM to 7:00PM)
Keep in mind this doesn't dsconnect users who were active from before.
I created another realm (just copied my exsisting) sO I can test. Same LDAP settings
In Role Mapping I created two rules
matches expression "VPN Allow Login Window"
XPRession: groups="Test VPN Users" AND loginTime = (6:00AM TO 9:00PM):
assign these roles - Users Role
matches expression "VPN Not Allow Login Window"
XPRession: groups="Test VPN Users" AND loginTime != (6:00AM TO 9:00PM)
Assing no role
When I test my user account after being moved from the VPN allowed users security group to the Test VPN Users group the logs show
"Login failed. Reason: No Roles"
What am I missing?