A desktop access policy controls user access to VDI desktops through clients.
Desktop access policies include the following types:
Access time control policy—Limits the time when users can access desktops.
IP control policy—Limits the IP addresses that users use to access desktops.
Access time and IP control policy—Limits both the access time of users and the IP addresses of the endpoints used by the users.
If both the access time and IP addresses are limited, the following rules apply:
For a user who uses an endpoint IP address specified in a rule of the effective access policy:
If the rule type is Allowlist, the user can access a desktop within the allowed time periods.
If the rule type is Denylist, the user cannot access desktops.
For a user who uses an endpoint IP address not specified in any rules of the effective access policy:
If the rule type is Allowlist, the user cannot access desktops.
If the rule type is Denylist, the user can access the desktop within the allowed time periods.
Actions in the rules of a desktop access policy cannot be the same as the default action of the access policy.
Perform this task to create a desktop access policy. The policy settings include time periods and IP addresses allowed access to desktops through clients.
From the left navigation pane, select Policies > Security Policies > Access Policies > Desktops.
Click Create. Configure the access policy parameters.
Click Add Allowlist or Add Denylist, and configure the rule parameters.
Click OK.
Name: Name of the desktop access policy.
Description: Description of the desktop access policy.
Select Desktops/Desktop Pools: Select the desktops and desktop pools to apply the access policy. Only VDI desktops and desktop pools can be selected.
Access Time: Configure the time when users matching the access policy can access desktops. Options include the following:
Not Limited—The access time is not limited. This is the default setting.
Weekly—Users that match the access policy can access desktops at the specified time of the specified days. You can specify multiple time periods. The accessed users will be logged out forcibly at the non-specified time period.
Daily—Users that match the access policy can access desktops at the specified time of a day. You can specify multiple time periods. The accessed users will be logged out forcibly at the non-specified time period.
Endpoint Access Control: Allow or deny the endpoint IP address of a user to log in to the desktop within the specified time period .
Start IP: Enter the start IP for the allowlist or denylist rule.
End IP: Enter the end IP for the allowlist or denylist rule..
From the left navigation pane, select Policies > Security Policies > Access Policies > Desktops.
Click Edit in the Actions column for a desktop access policy.
Edit the access policy and rule parameters, and then click OK. For more information about the parameters, see “Parameters.”
From the left navigation pane, select Policies > Security Policies > Access Policies > Desktops.
Delete desktop access policies in the following methods:
Bulk delete desktop access policies—Select one or more desktop access policies from the access policy list, and then click Delete. Click OK in the confirmation box.
Delete a specific desktop access policy—Click Delete in the Actions column for a desktop access policy, and then click OK in the confirmation dialog box.
From the left navigation pane, select Policies > Security Policies > Access Policies > Desktops.
Click a desktop access policy name, and view the desktop access policy details in the dialog box that opens.
Click Back to return to the desktops access policy list page.