I would like to know if we are able to restrict access for set of users or contractors accessing the App Portal in their machine. In my case, my contractor is able to access the App Portal and place a software request in his NONE company's computer which this is not the way.
‎Sep 16, 2021 09:44 PM
Hi Ganesh,
I'm assuming that the user is authenticating with AppBroker as defined here:
https://docs.flexera.com/appportal/2021r1/ag/Content/helplibrary/AP_Settings_SSO.htm?Highlight=authentication
If the device is a non-work device and receives a software package, then it may not be of concern in licensing terms, for your company. If it is a package that contains data that should not be outside of the company, then this is not the case.
In this case, I believe you can use Catalog Security:
https://docs.flexera.com/appportal/2021r1/ag/Content/helplibrary/APR_CatSecurity.htm
to ensure that the device / user must be a AD member or in a AD group before AppBroker will authorise a deployment.
Please review the documentation in the links above.
‎Sep 20, 2021 07:50 AM
First, please note that App Portal doesn't deploy software. SCCM (or another deployment system) deploys the software to computers. If the contractor's computer is not managed by your deployment system, it should not even show up in App Portal, but even if it did, App Portal would not allow you to select that non-managed device as a target for the software request. And even if it got through that part of the checkout somehow, the deployment system would never be able to deploy software to it. Is this a request for a general catalog item rather than a software catalog item? If so, then the request isn't tied to a specific device, only to the user, and it wouldn't deploy software (unless you've configured some sort of custom actions on the catalog item). In short, no matter where a user requests software from, they cannot request a software catalog item to be deployed to a device that isn't managed by your deployment system.
Having said that, I'll point out a couple related features that you may be interested in configuring:
Edit: Oops, just realized Bob already mentioned the Catalog Security option. Sorry, Bob.
‎Dec 27, 2021 02:28 PM - edited ‎Dec 27, 2021 02:30 PM
Hi Ganesh,
I'm assuming that the user is authenticating with AppBroker as defined here:
https://docs.flexera.com/appportal/2021r1/ag/Content/helplibrary/AP_Settings_SSO.htm?Highlight=authentication
If the device is a non-work device and receives a software package, then it may not be of concern in licensing terms, for your company. If it is a package that contains data that should not be outside of the company, then this is not the case.
In this case, I believe you can use Catalog Security:
https://docs.flexera.com/appportal/2021r1/ag/Content/helplibrary/APR_CatSecurity.htm
to ensure that the device / user must be a AD member or in a AD group before AppBroker will authorise a deployment.
Please review the documentation in the links above.
‎Sep 20, 2021 07:50 AM
First, please note that App Portal doesn't deploy software. SCCM (or another deployment system) deploys the software to computers. If the contractor's computer is not managed by your deployment system, it should not even show up in App Portal, but even if it did, App Portal would not allow you to select that non-managed device as a target for the software request. And even if it got through that part of the checkout somehow, the deployment system would never be able to deploy software to it. Is this a request for a general catalog item rather than a software catalog item? If so, then the request isn't tied to a specific device, only to the user, and it wouldn't deploy software (unless you've configured some sort of custom actions on the catalog item). In short, no matter where a user requests software from, they cannot request a software catalog item to be deployed to a device that isn't managed by your deployment system.
Having said that, I'll point out a couple related features that you may be interested in configuring:
Edit: Oops, just realized Bob already mentioned the Catalog Security option. Sorry, Bob.
‎Dec 27, 2021 02:28 PM - edited ‎Dec 27, 2021 02:30 PM