Access Control policies allow administrators to define who can authenticate, from where, and when based on a set of criteria. These policies apply to both Captive Portal and 802.1X authentication workflows.
Cloudi-Fi evaluates all criteria using AND logic, ensuring precise control. If all conditions match, the policy is applied.
Use cases
- Deny guest authentication outside business hours
- Block employee access from specific countries
- Restrict a specific login template to internal users only
Supported criteria
| Criteria | Description |
| Location | Match based on the location/site defined in Cloudi-Fi |
| Location name | Specific name of the physical or logical location |
| Country | Apply country-specific rules |
| Continent | Regional segmentation |
| User profile | Segment users by identity group |
| Template | Match specific captive portal template name |
| SSID | Match based on the SSID name the user connects through |
| Date | Match a specific calendar date or date range |
| Day of the week | Apply rules on specific weekdays (e.g., Mon–Fri) |
| Time | Time range within a day (e.g., 08:00–18:00) |
All criteria must match (AND logic) for the rule to trigger.
Actions
| Action | Description |
| Allow | Permit authentication |
| Deny | Block authentication with custom error |
Access Control policies do not assign profiles. Use Privilege Sets for post-authentication configurations.
Configuration steps
- Go to the Cloudi-Fi Admin console
- In the left sidebar, click on Policies
- Select Access control
- Click the "Add policy" button
- Fill in the following fields:
- Name: A descriptive label for the policy (e.g., "Deny Guests After Hours")
- Description (optional): Add context or notes about the policy’s purpose
- Define Matching Criteria:
- Location
- User profile
- Country
- Template
- Date
- Day of the week
- Time
- Action
- Allow
- Deny
- Save the policy
Save and prioritize the policy
Policies are evaluated top-down and are all evaluated.