How to restrict access to the Portal?
It is important to have at least one admin user with the scope Admin without setting. Without this, all users will be able to access the portal with their accounts.
1) Go to Settings -> Site Security then click Add.
This table is used to restrict and permit users and groups access to the different areas of the portal. The portal is composed of 2 areas:
- General Admin Area - the general administration section in which operators can manage devices and policies. This also includes the Reports and Support & Maintenance menus.
- Settings Admin Area -the settings administration section in which system administrators can configure the SphereShield suite components.
This table defines the access scope permissions. Each scope that not explicitly defined will allow any user access.
The access levels are:
- Admin without Settings - only these users and groups may view the General Admin area, but do not have access to the Settings Admin area.
- Admin with Settings - only these users and groups may view the General Admin area including access to the Settings Admin area.
- Admin Selective Menu Items - users and groups that can view only specific menu items from the Admin portal admin area.
If a user is defined in more than one group than the group with the widest scope of access will be applied.
There are three types of access scopes. With the exception of selective menu, any scope that hasn't been defined to a specific group or user means that all users are able to access.
However for Admin without settings and for Admin with settings (Full admin) a group is needed.
2) Once the Add window is open, select the scope you wish to define
3) Choose the access type: Groups or Users
4) Start typing the name of the group
Note that the same group can be defined for both admin with settings and admin without settings to prevent users from entering restricted sections.
If the same group is defined for multiple scopes, then the higher privilege settings takes precedence.
E.g. Setting admin with settings and admin without settings to the group Domain admins means that the Domain admins group will have access to the entire Admin portal site.
At least one scope set to "Admin without settings" is required for that restriction to take effect.
5) To restrict access to information for a user that is a member of a team, configure "Users can only see Teams they have permissions on" to "Yes" in the top menu: