Configure a private access control rule to control access to your organization's internal apps based on user, device, time, and location.
Trend Vision One automatically creates a default private access rule to apply whenever no other private access rules are matched. The default rule blocks all access to configured internal apps.
The rule configuration screen appears with the Internal app access rule template selected.
You can also enable or disable rules on the Secure Access Rules tab.
| Rule Factor | Description | Options |
|---|---|---|
| Source | The users, devices, and locations that the rule applies to | User/user groups: Specify users and groups from your IAM system. Note: If you have configured more than one IAM system, the IAM system with SSO enabled applies. |
| | | Device posture profile: Select the device posture profile to include devices in the rule enforcement. Note: This option only applies to private access initiated with the Secure Access Module. This means that end users can launch their allowed browser access enabled applications from the user portal, regardless of the security posture of their devices. To add a device posture profile, click Add customer device posture profile. |
| | | Locations: Specify public/home network locations defined by IP address groups or geographic regions. |
| Destination | The internal apps that the rule applies to | Applications: Specify previously configured internal applications. Tip: To add an internal app, click Add Internal Application on the Select Apps screen. For more information, see Adding an Internal Application to Private Access. |
| Schedule | The weekly period that the rule is applied | To configure the recurrence of the schedule, select Only apply the rule during the specified period, and then select a start date and end date. Note: The schedule uses the defined time zone of the console. |
| Action | The action taken when the rule is triggered | Access control: Allow, block, or monitor access to internal applications. Note: Select Monitor Internal App Access to allow the internet access but log the activity. For more information about actions, see Zero Trust Actions. |
The rule is successfully created and listed on the Private Access Control screen.
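The following Python sketch is an added illustration, not Trend Micro code and not the product's evaluation engine. It models how the four rule factors and the default block rule combine, including the two notes in the table: device posture is only checked for access initiated with the Secure Access Module, and the schedule is read in the console's time zone. The list-order matching, the treatment of posture as a match condition, the fixed UTC+8 console time zone, and all names and sample values are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

CONSOLE_TZ = timezone(timedelta(hours=8))  # assumed console time zone (constructed)

@dataclass
class Request:
    principals: set      # user name plus group names from the IAM system
    app: str             # internal application being requested
    location: str        # name of the matched location group
    via_module: bool     # True: Secure Access Module, False: browser access from the user portal
    posture_ok: bool     # device satisfies the posture profile
    when: datetime       # timezone-aware request time

@dataclass
class Rule:
    name: str
    principals: set
    apps: set
    locations: Optional[set] = None    # None means any location
    require_posture: bool = False
    period: Optional[tuple] = None     # (start, end) in console-local time, naive datetimes
    action: str = "allow"              # "allow", "block" or "monitor"
    enabled: bool = True

    def matches(self, r: Request) -> bool:
        if not self.enabled or r.app not in self.apps or not (self.principals & r.principals):
            return False
        if self.locations is not None and r.location not in self.locations:
            return False
        # Posture only constrains module-initiated access; portal browser access skips it.
        if self.require_posture and r.via_module and not r.posture_ok:
            return False
        if self.period:
            # Convert the request time to the console's time zone before comparing.
            local = r.when.astimezone(CONSOLE_TZ).replace(tzinfo=None)
            if not (self.period[0] <= local <= self.period[1]):
                return False
        return True

def decide(rules, r):
    """Return (rule name, action); assumption: rules are checked in list order."""
    for rule in rules:
        if rule.matches(r):
            return rule.name, rule.action
    return "default", "block"  # default private access rule blocks all access

# Constructed sample rule: engineering may reach "wiki" from "HQ" during January 2024.
RULES = [Rule("eng-wiki", {"engineering"}, {"wiki"}, locations={"HQ"}, require_posture=True,
              period=(datetime(2024, 1, 1, 9, 0), datetime(2024, 1, 31, 18, 0)))]
```

In this model a request at 17:30 UTC on the last day of the period is blocked because it falls on the next day in the console's time zone, and a non-compliant device still matches the allow rule when the app is opened through browser access.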