We need to restrict access to the App Portal web page for a group of users. We have an AD group create that includes all users we want to have access and excludes the users we don't want to have access.
We have followed this KB Managing Catalog Permissions (flexera.com) but our user can still get to the home page and see tabs at the top. They see these tabs at the top and can click on them: My Apps, Processed and Approve/Reject although they are blank.
We use user-based licenses. In the past, we recall users receiving a message similar to: "You do not have a license to access this web page". We tried changing our custom User Sync as well to include the MECM collection which does not include these users.
Do you have any ideas?
Thanks,
Joan
Oct 12, 2023 02:24 PM
Well, perhaps I should correct myself. The licensed collection does actually work with a user based license, but it does not allow you to evaluate a user based collection. You could still use a device based collection, and it would work to block access to those devices in the collection.
While catalog security will prevent users from browsing/requesting software, it does not prevent them from accessing the site. To do this, you'd probably need to do something outside of App Broker.. For instance, I think that you could use .NET Authorization Rules. The following is a brief overview:
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831722(v=ws.11)
I'd expect that it should look something similar to the following, where "BadPeopleGroup" is the name of the AD group containing users that should not have access.
Oct 13, 2023 02:12 PM - edited Oct 13, 2023 02:14 PM
I think you should be able to use an Exclude Condition in the General tab of the Site Management > Settings > Web Site . We use an exclude condition to exclude servers from App Portal and it works. General Tab (flexera.com)
Oct 13, 2023 11:07 AM
Well, perhaps I should correct myself. The licensed collection does actually work with a user based license, but it does not allow you to evaluate a user based collection. You could still use a device based collection, and it would work to block access to those devices in the collection.
While catalog security will prevent users from browsing/requesting software, it does not prevent them from accessing the site. To do this, you'd probably need to do something outside of App Broker.. For instance, I think that you could use .NET Authorization Rules. The following is a brief overview:
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831722(v=ws.11)
I'd expect that it should look something similar to the following, where "BadPeopleGroup" is the name of the AD group containing users that should not have access.
Oct 13, 2023 02:12 PM - edited Oct 13, 2023 02:14 PM
Thanks Charles! We were able to get it to work with a device-based collection in the > Settings > Web Site. We were using a user-based collection before. Thanks for clarifying that!
Oct 20, 2023 10:24 AM