Skip to main content

Search

Cloudi-Fi Knowledge Base

How to configure privilege policies

Mahfoud
  • Updated

Privilege policies control session-related behavior after a user has successfully authenticated. They define how long a user stays connected, how many devices they can use, how reauthentication is handled, and which network segment (VLAN) they are assigned to.

Privilege Sets apply to authenticated users only, whether they connect via Captive Portal or 802.1X.

Each Privilege Set is applied based on AND-matching criteria like location, profile, country, template, and datetime.

Supported criteria

CriteriaDescription
LocationMatch based on the location/site defined in Cloudi-Fi
Location nameSpecific name of the physical or logical location
CountryApply country-specific rules
ContinentRegional segmentation
User profileSegment users by identity group
Template Match specific captive portal template name
SSIDMatch based on the SSID name the user connects through
DateMatch a specific calendar date or date range
Day of the week Apply rules on specific weekdays (e.g., Mon–Fri)
TimeTime range within a day (e.g., 08:00–18:00)

Configuration options

Session duration

  • What it does: Limits the time a user's session remains active.
  • Use case: Expire guest sessions after 2 hours.

VLAN ID assignment

  • What it does: Assigns a specific VLAN to the user via RADIUS attribute.
  • Applies to: Only with 802.1X or RADIUS-based IoT scenarios.
  • Use case: Segment guests on VLAN 40, employees on VLAN 20.

Maximum devices allowed

  • What it does: Restricts the number of simultaneous device connections per user.
  • Use case: Allow employees up to 3 devices.
  • Scope: Enforced per identity

Configuration steps

  • Go to the Cloudi-Fi admin console
  • In the left sidebar, click on Policies
  • Select Access control  

Cloudi-Fi console - Privileges policies

  • Click the "Add policy" button
  • Fill in the following fields:
    • Name: A descriptive label for the policy (e.g., "Guest - Limited Access")
    • Description (optional): Add notes about the scope or target audience
  • Define matching criteria:
    • Location
    • User Profile
    • Country
    • Template
    • Date
    • Day of the Week
    • Time
  • Configure settings
    • Session Duration
    • Max Devices
    • VLAN ID (if needed)
  • Save the policy

Save and prioritize the policy