Multiuser support
Access
Akamai Guardicore Platform Agent supports multiuser Windows workstations. This feature lets users seamlessly switch between OS accounts on shared workstations and set up their individual Access configuration. The client saves Access configuration for each OS account and applies it on user login. Note that this feature doesn’t support switching to Access users or IdPs that belong to a different customer account. To learn how to set up Access in Guardicore Platform Agent, refer to the setup documentation.
The following limitations apply to the multiuser feature:
- Multiuser support for Access is limited to local logins. RDP connections are not supported.
- When installing the client with an Identity Provider (IdP) specified using the silent install parameter (
IDP=youridphostname.com
), end-users cannot switch to a different IdP post-installation. In multi-user environments, this results in all users on the workstation being restricted to a single IdP. - On multi-user workstations running Guardicore Platform Agent with Access exclusively, resetting Access removes Access configuration data for all workstation users instead of resetting the configuration only for the currently logged in user.
Threat Protection
If Guardicore Platform Agent is enabled with the Threat Protection service only, multiple users can share the same Windows or macOS device. To allow this capability, a SIA administrator must enable the Support multiple user per device setting in a SIA policy. With this configuration in place, the end user can authenticate and log out of a device. Users can access network resources they’re permitted to access based on the identity provider and SIA policy configuration.
After a new user authenticates to the device, there may be a short period of time where the client has not yet synchronized with the identity provider to identify the user and grant access.
Updated about 2 months ago