This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

A new Flexera Community experience is coming on November 25th. Click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Restrict App Portal Access For Group of Users

Jump to solution
joan_mckinley
By
Level 6

We need to restrict access to the App Portal web page for a group of users.  We have an AD group create that includes all users we want to have access and excludes the users we don't want to have access.

We have followed this KB Managing Catalog Permissions (flexera.com) but our user can still get to the home page and see tabs at the top.  They see these tabs at the top and can click on them: My Apps, Processed and Approve/Reject although they are blank.

We use user-based licenses.  In the past, we recall users receiving a message similar to: "You do not have a license to access this web page".  We tried changing our custom User Sync as well to include the MECM collection which does not include these users.

Do you have any ideas?

Thanks,

Joan

‎Oct 12, 2023 02:24 PM

0 Kudos
(1) Solution

Jump to solution
CharlesW
By Level 12 Flexeran
Level 12 Flexeran
In response to joan_mckinley

Well, perhaps I should correct myself. The licensed collection does actually work with a user based license, but it does not allow you to evaluate a user based collection. You could still use a device based collection, and it would work to block access to those devices in the collection. 

While catalog security will prevent users from browsing/requesting software, it does not prevent them from accessing the site. To do this, you'd probably need to do something outside of App Broker..  For instance, I think that you could use .NET Authorization Rules.  The following is a brief overview:

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831722(v=ws.11)

I'd expect that it should look something similar to the following, where "BadPeopleGroup" is the name of the AD group containing users that should not have access.
rule.png

 

 

View solution in original post

‎Oct 13, 2023 02:12 PM - edited ‎Oct 13, 2023 02:14 PM

(4) Replies

Jump to solution
TeriStevenson
By
Level 9

I think you should be able to use an Exclude Condition in the General tab of the Site Management > Settings > Web Site .  We use an exclude condition to exclude servers from App Portal and it works.  General Tab (flexera.com)

‎Oct 13, 2023 11:07 AM

0 Kudos

Jump to solution
joan_mckinley
By
Level 6

We tried that but it didn't work - we have user-based licensing.  I found this in a previous post (attached screenshot).

‎Oct 13, 2023 11:52 AM

Preview file
62 KB
0 Kudos

Jump to solution
CharlesW
By Level 12 Flexeran
Level 12 Flexeran
In response to joan_mckinley

Well, perhaps I should correct myself. The licensed collection does actually work with a user based license, but it does not allow you to evaluate a user based collection. You could still use a device based collection, and it would work to block access to those devices in the collection. 

While catalog security will prevent users from browsing/requesting software, it does not prevent them from accessing the site. To do this, you'd probably need to do something outside of App Broker..  For instance, I think that you could use .NET Authorization Rules.  The following is a brief overview:

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831722(v=ws.11)

I'd expect that it should look something similar to the following, where "BadPeopleGroup" is the name of the AD group containing users that should not have access.
rule.png

 

 

‎Oct 13, 2023 02:12 PM - edited ‎Oct 13, 2023 02:14 PM

Jump to solution
joan_mckinley
By
Level 6
In response to CharlesW

Thanks Charles!  We were able to get it to work with a device-based collection in the > Settings > Web Site.  We were using a user-based collection before.  Thanks for clarifying that!

‎Oct 20, 2023 10:24 AM

Top Kudoed Authors
View all