Hello there!

Need Help? We are right here!

Support Icon
miniOrange Email Support
success

Thanks for your Enquiry. Our team will soon reach out to you.

If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com

Search Results:

×

Configure MAC Address Based Restriction


MAC address-based restriction offers a robust security layer by regulating access according to the distinctive MAC address of devices. This capability empowers you with genuine device-based restriction, ensuring a heightened level of control over authorized access.


Connect with External Source of Users


miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc), Identity Providers (like Shibboleth, Ping, Okta, OneLogin, KeyCloak), Databases (like MySQL, Maria DB, PostgreSQL) and many more.



Follow the step-by-step guide given below to Configure MAC Address Based Restriction

1. Enable MAC Address Restriction

  • Login to your Admin Account and go to Adaptive Authentication.
  • You can either create a new Adaptive Policy or you can edit an existing policy of your choice.
  • On the policy configuration page, go to the Device Restriction section and enable device restriction.
  • Provide the number of devices you would like each user to register and select the action the system should take.
  • MAC Address based Restriction: Device Restriction

  • If you select Challenge, scroll down to the Action for behavior Change section.
  • Office 365 Device Restriction Restrict Access adaptive authentication behavior and challenge type

  • Select the appropriate action from below:

    Action for behavior Change Options :

    Attribute Description
    Allow Allow user to authenticate and use services if Adaptive authentication condition is true.
    Challenge Challenge users with one of the three methods mentioned below for verifying user authenticity.
    Deny Deny user authentications and access to services if Adaptive authentication condition is true.

    Challenge Type Options :
    Attribute Description
    User second Factor The User needs to authenticate using the second factor he has opted or assigned for such as
  • OTP over SMS
  • PUSH Notification
  • OTP over Email
  • And 12 more methods.
  • KBA (Knowledge-based authentication) The System will ask user for 2 of 3 questions he has configured in his Self Service Console. Only after right answer to both questions user is allowed to proceed further.
    OTP over Alternate Email User will receive a OTP on the alternate email he has configured threw Self Service Console. Once user provides the correct OTP he is allowed to proceed further.
  • Once this is done, got back to the Device Configuration section and Enable the MAC Address-Based Restriction option. You will see details related to the option, once it's enabled.
  • You can download the Agent required for MAC Agent from the download link. When you click on the download link, a request will be raised against your account and will get added to the queue. You will receive an email on your admin email with the download links once the agents are generated for your account. Alternatively, you can also check this section again.
  • Save your restriction policy.

2. Get the download links from the Adaptive Policy list

  • Go to the Adaptive Authentication section.
  • Click on select >> Get MAC Agents option against your policy.
    (This option is only available for policies where you have enabled MAC address based restriction).
  • MAC Address based Restriction: Get MAC agents

  • If your request was already added to the queue and completed, then you will receive the download links for the Windows and Linux systems.
  • MAC Address based Restriction: Request completed

  • If your request was already added to the queue but is not completed yet, then you will see the appropriate message mentioning the same. You will receive an email on the admin’s email address once your request is processed.
  • MAC Address based Restriction: Request email

  • If your request was in the queue previously and is not processed yet, then you will see the appropriate message mentioning the same.
  • MAC Address based Restriction: Request in queue


3. Install The Agent on Windows

  • The Windows Installer For the Agent is a one click install. Run the installer with Admin privileges.
  • If you get a security warning as shown below, click on Run to continue with the installation.
  • MAC Address based Restriction: Run windows installer

  • Once the installation wizard is open, click on the install button to complete the installation.
  • MAC Address based Restriction: Completed the Installation

  • Once the installation is complete, you will see the following screen.
  • MAC Address based Restriction: Finish Installation


4. Install the Agent in Linux Systems

  • Make sure you are logged in to the Linux System as the SuperUser (root).
  • Download the Zip file for the Agent on your Linux machine.
  • Unzip the file and run the command: sh installScript.sh
    This will install the agent and create the required services for it.
  • MAC Address based Restriction: Install agent

  • To view all available commands for the installation, run the command: sh installScript.sh -h
  • MAC Address based Restriction: view commands

  • To uninstall the Agent, run the command: sh installScript.sh -u
  • MAC Address based Restriction: uninstall agent


5. Enable Restriction for your applications

  • Go to Policies >> App Login Policy from the left navigation bar.
  • Click on Edit option against your selected app.
  • Device restriction for Google Workspace (G Suite) edit device restriction policy

  • Set your application name in the Application and select password as Login Method.
  • Enable Adaptive Authentication.
  • From the Select Login Policy dropdown, select the policy we created in the first step and select the required restriction method as an option.
  • Click Save.
  • Device restriction for Google Workspace (G Suite) Restrict Access save device restriction policy

    How to add a trusted Device

    When End-user log in to the self service console after the policy for device restriction is on, he is provided the option to add the current device as a trusted device.



Need help to configure MAC Address Restriction?


Contact us or email us at idpsupport@xecurify.com and we'll help you setting it up in no time.



External References

Want To Schedule A Demo?

Request a Demo
  



Our Other Identity & Access Management Products