📖 3 mins read

GAT Shield Login Control

GAT Shield allows admins to set up Login Control rule for users of their domain. By setting up this rule admins can control whether users can log in to their domain or not.

It works by disabling users from logging into your domain at certain times (Login time window from/to) and log in area.

This type of Login control can be set up from the GAT Shield console.

1. Login control

Navigate to Shield → Configuration → Login Control 

GAT Shield | Login control 1

2.Select Filters

In the Login Control settings pick the Time window or Login Area, from where users will not be able to log in to your domain.

3. Time window

Fill in the details and select times at which the users will be allowed to log in to the domain (using domain credentials)

  • Login time window (from) –  pick the start time from which users will be allowed to log in
  • Login time window (to) – pick the end time after which the users will not be allowed to log in

By selecting the TIME FRAME where users will be ALLOWED to log in, users will not be able to log in outside the scope of the selected time.

A time window during which Shield-protected devices can log into your domain. Build custom cron expressions.

GAT Shield | Login control 2

 

 

  • Login time window (from): – set the start time 0 0 9 ? * MON-FRI *
  • Login time window (to): – set the finish time 0 0 17 ? * MON-FRI *

Users will not be allowed to log in outside the selected time window above.

The times are set and build as Cron expressions. Select your time frame and place in the fields (from) and (to).

An example of cron settings: 0 0 9 ? * MON-FRI * (start from 9AM Monday to Friday), 0 0 17 ? * MON-FRI * (finish on 5 PM Monday to Friday).

Login Area

Select an area, outside of which, Shield devices cannot log in to your domain.

Clicking on the “select area” button will show a Map, there you can pick the location you need.

*Note: Users from OUTSIDE the selected Area will not be able to Log in to the domain

Idle timeout (s)

A period of idle time (in seconds) after which Shield will log the user’s device out of your domain. Maximum value is 15 minutes / 900 [s].

Setting options

  • ‘Hard’ logout -If this option is not selected, ‘soft logout’ is the default method. The user will just be logged out of the Google domain sessions on the device. If ‘hard logout’ is selected the user will be logged out entirely from the device (Google domain sessions, personal sessions, Chrome, etc.).
  • Login Allowlist – If blank GAT Shield allows all users to log into your domain from all networks, else only specified, use direct (eg. 72.14.0.154) or network addresses (eg. 64.233.187.99/8). All network addresses must end with a CIDR. Use a semicolon to separate addresses.
  • Login Allowlist exclusions – User(s) exclusions from the allow list. Overrides above rule. Start typing for suggestions.

Scope – users affected

  • Scope – Rule recipients. If no value is specified, all domain users are affected. If any value is specified, any user who meets the criteria is affected.

GAT Shield | Login control 3

Note:
These settings allow you to enforce policies to prevent or allow access to your Google Workspace domain by clients with Shield devices, using a number of criteria.
It may take a while for settings to propagate to all GAT Shield Chrome extensions.

Result

When the Login control is enabled, for Time-frame, Login Area the users will not be able to login using their Domain credential, they will receive the message as below.

Login to Google services has been blocked at this time.

GAT Shield | Login control 4

If you’d like to run a trial of our products please install GAT+ from the Google Workspace Marketplace and contact us at support@gatlabs.com with any questions you may have.

To request a demo please click here and fill the form. We’ll get back to you in less than 12 hours during weekdays.

If you tried GAT in the past and you would like to run a fresh trial again, please enquire through this form.

Thanks for sharing and spreading the word!