GAT Shield allows admins to set up a rule for the domain users.
It allows the admin to allow users to log in only for a certain period of time.
In Shield under Configuration, select Login Control
Now we can select the Time frame where users will be allowed to log in, the scope outside of the selected time users will not be able to log in.
Login time window (from): – set the start time 0 0 9 ? * MON-FRI *
Login time window (to): – set the finish time 0 0 18 ? * MON-FRI *
Inside this time window, the users will be allowed to log in. A time window during which Shield protected devices can log into your domain.
The users will not be allowed to log in outside the selected time window above.
The times are set and build as Cron expressions select your time frame and place in the fields (from) and (to).
In the case above (0 0 9 ? * MON-FRI * (start from 9AM Monday to Friday) and 0 0 17 ? * MON-FRI * (finish on 5PM Monday to Friday)
There are many options below to be added on the top of the Time windows selected.
- Login area – Select an area, outside of which, Shield devices can not log in to your domain.
- Idle timeout [s] – A period of idle time (in seconds) after which Shield will log the user’s device out of your domain.
- ‘Hard’ logout – If this option is not selected, ‘soft logout’ is the default method. The user will just be logged out of the Google domain sessions on the device.
If ‘hard logout’ is selected the user is logged out entirely from the device (Google domain sessions, personal sessions, Chrome, etc.)
- Login whitelist – If blank GAT Shield will allow all users to log in to your domain from all networks, else only specified.
Use direct (eg. 188.8.131.52) or network addresses (eg. 184.108.40.206/8). All network addresses must end with a CIDR. Use a semicolon to separate addresses.
- Login whitelist exclusions – User(s) exclusions from the whitelist. Overrides the above rule. Start typing for suggestions.
When the time window is selected, click Save for the rule to be applied.
By default, all users on your domain will be affected by the rule.
It might take some time for the rule to propagate to all users