Users > Local Groups > Edit EPC Settings

After creating device profiles, assign them to the local groups that uses them to authenticate users. Device profiles can be Allow profiles and Deny profiles. Allow profiles identify attributes of the client’s network that must be present before a user is authenticated, and Deny profiles identify attributes of the network that cannot be present. If multiple profiles are defined for a group, connection to the SMA appliance is granted only when a client’s environment fulfills all Allow profiles for the group and does not fulfill any Deny profiles. Use the EPC page on the Users > Local Groups > Edit page to assign device profiles to a group.

NetExtender login can be disabled on platforms where EPC is enabled.

EPC portal checking uses the NetExtender browser plug-in. EPC is checked when users log in to the web portal from a web browser that blocks any access to the private network from untrusted sites.

To configure device profiles to be used when authenticating users in a local group

1. Navigate to the Users > Local Groups page and click Edit for the Global group or a local group to be configured for EPC.

2. When the Edit Local Group page appears, go to the EPC Settings section. Use the EPC Settings page to enable or disable EPC for the group, select how to handle authentication requests from unsupported clients, and to add or remove device profiles.

   

3. In the Enable EPC field, select Enabled to enable EPC for the group, Disabled to disable EPC for the group, or Use Global Settings to either enable or disable EPC based on whether EPC is enabled on the Users > Local Users > Edit Global Policies or Users > Local Groups > Edit Global Policies page.
4. In the Allow Web Login on Device Without EPC field, set the default action to Enabled to allow, Disabled to block logins from these portals when EPC is enabled or Use Global Settings.
5. EPC is supported for iOS and Android mobile clients. In the Allow Login from Mobile Connect Without EPC field, set the default action to Enabled to allow or Disabled to block logins from these clients when EPC is enabled, or Use Global Settings.

6. Fields in the Recurring EPC section vary, depending on whether you are configuring EPC for the Global group or a local group. To configure EPC for the Global group, select Check at login to do EPC checks only when users login, or select Check Periodically to also do EPC checks at set intervals. For example, to do EPC checks whenever a user logs in and every x minutes thereafter while the user is logged in, select Check Periodically, and type the number of minutes to wait between EPC checks.

   OR

   To configure EPC for a local group, select Use Global Settings or Custom Settings from the Recurring EPC drop-down menu. If you select Use Global Settings, the local group inherits the EPC settings from the

   Global group. If you select Custom Settings, the Check at login and Check Periodically prompts are displayed and you can configure EPC, as explained for the Global group.

7. Either select Inherit global device profiles to use all defined Allow and Deny device profiles for the group.

   OR

   Add or remove profiles using the Edit EPC page:

   1. To add an Allow profile for the group, click Add Profile below the Allow Profiles heading.
   2. Select the profiles from the Available Profiles list that you want to add to the group and click Add. Selected profiles are then moved to the Allow Profiles list on the page that lists all device profiles that are used for the group.
   3. To remove an Allow profile from the group, select the profile from the Allow Profiles list and click the delete icon.
   4. To add a Deny profile for the group, click Add Profiles below the Deny Profiles heading and follow the preceding steps b and c.

8. Click Accept to save your changes.