Robert Boluchi Posted February 11, 2019 Posted February 11, 2019 Hello Everybody, We have released a new application on production. We have sent the URL to only our Pilot-Testers so that only pilot-testers should be able to log on. We use NetScaler and SSO for loging on our users. However if a user (not Pilot-Tester) knows the URL he/she can log on to the site. How we make the application visible only for Pilot-Testers? Is it possible to add a Filter based on the subnet the Pilot_testers belong to? So that only users with a specific IP-Address will be able to log on to that specific application but they still are able to sign on to other applications. Thanks.
Sam Jacobs Posted February 11, 2019 Posted February 11, 2019 Create an AD group for the pilot testers, and then create an AAA group on the NetScaler exactly (case-sensitive) matching the name of the AD group. Then bind your session policy to only the AAA group (and not to the gateway vServer). Anyone not in the group will not be able to log in.
Robert Boluchi Posted February 11, 2019 Author Posted February 11, 2019 32 minutes ago, Sam Jacobs said: Create an AD group for the pilot testers, and then create an AAA group on the NetScaler exactly (case-sensitive) matching the name of the AD group. Then bind your session policy to only the AAA group (and not to the gateway vServer). Anyone not in the group will not be able to log in. Thanks Sam, Do the pilot-testers still be able to access other applications?
Sam Jacobs Posted February 11, 2019 Posted February 11, 2019 The pilot testers will be able to access all applications they are currently able to access. You are only changing functionality for users not in the pilot group.
Carl Behrent Posted March 12, 2019 Posted March 12, 2019 In the past I have set up a second VIP (the primary VIP was disabled for users until testing was being done) pointing to the backend Prod servers, then get my testers to use their local host file to add the primary URL pointing to the second VIP. Once testing was completed they can remove the host file entry and enable the primary VIP again.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.