Assessment in Digital Access
This article describes the assessment access rule that can be used in Smart ID Digital Access component.
Assessment is available as an access rule where Windows and Mac based rules can be configured. This means that information like MAC-Address, list of running processes, computer name and computer domain could be validated when creating a tunnel set. The assessment access rule is only supported for tunnel resources.
The assessment access rule is based on data send by the Access Client. An assessment access rule can be created for Windows as well as for MacOS. Depending on the operating system the available data that could be validated differs.
For Windows the following data can be validated:
- Network Interface Information
Information about the network interface, such as Description, Name and Physical address used. - Process Information
Information about processes, such as Process digest, Process name and Process ID. - Windows Domain Information
Information about the domain, such as Computer name, LAN Group, Major version, Minor version and Platform ID. - Windows User Information
Information about the logged in windows user, such as Alternative domains, Logon domain, Logon server and user name.
For MacOS the following data can be validated:
- Network Interface Information
The Physical address of the network interface used. - Process Information
Information about processes, such as Process name and Process ID.
For each kind of requirement a specific feedback message can be provided that will be displayed to the user if the validation fails. This makes it easy for the user to understand the reason.
Add an assessment access rule
- In Digital Access Admin, go to Manage Resource Access.
- Click Access Rules > Add Access Rule...
- Enter a Display Name and click Add Rule...
- Select Assessment in the list of Access Rule types and click Next.
- Enter the Display Name and select Operating System.
- Specify the assessment, for help, click the ?-sign.
- Specify a Feedback Message to be displayed to the user when access to the requested resource is denied.
- Confirm.