Users > Local Users > Edit EPC Settings

After creating device profiles, assign them to the local users. Device profiles can be Allow profiles and Deny profiles. Allow profiles identify attributes of the client’s network that must be present before a user is authenticated, and Deny profiles identify attributes of the network that cannot be present. If multiple profiles are defined for a user, connection to the SRA appliance is granted only when a client’s environment fulfills all Allow profiles for the user and does not fulfill any Deny profiles. Use the EPC tab on the Users > Local Users > Edit page to assign device profiles to a user.

	NOTE: Before SRA 7.5, EPC checking was available on Windows only.

To configure device profiles to be used when authenticating a local user:

When the Edit Local User page appears, click the EPC tab. Use the EPC tab to enable or disable EPC for the user, select how to handle authentication requests from unsupported clients, and to add or remove device profiles.

In the Enable EPC field, select Enabled to enable EPC for the user, Disabled to disable EPC for the user, or Use group setting to either enable or disable EPC based on whether EPC is enabled on the End Point Control > Settings page.

In the Enable Mac/Linux Client Login field, set the default action to Enabled to allow or Disabled to block logins when EPC is enabled.

In SRA 7.5 or newer, EPC is supported for iOS and Android mobile clients. In the Enable Mobile Client Login field, set the default action to Enabled to allow logins or Disabled to block logins from these clients when EPC is enabled. Or set the default action to Use group setting to either enable or disable EPC based on whether EPC is enabled on the End Point Control > Settings page

In the Recurring EPC section, configure when EPC checks should be conducted. Select Check endpoint at login to perform EPC checks only when users login, or select Check endpoint at login and every x minutes thereafter to also perform EPC checks at set intervals. For example, to perform EPC checks whenever a user logs in and every x minutes thereafter while the user is logged in, select Check endpoint at login and every x minutes thereafter and type the number of minutes to wait between EPC checks.

Fields in the Recurring EPC section vary, depending on whether you are configuring EPC for the Global group or a local user. To configure EPC for the Global group, select Check endpoint at login to perform EPC checks only when users login, or select Check endpoint at login and every x minutes thereafter to also perform EPC checks at set intervals. For example, to perform EPC checks whenever a user logs in and every x minutes thereafter while the user is logged in, select Check endpoint at login and every x minutes thereafter and type the number of minutes to wait between EPC checks.

To configure EPC for a local user, select Use global setting or Custom Setting from the Recurring EPC drop-down list. If you select Use global setting, the local user inherits the EPC settings from the Global group. If you select Custom Setting, the Check endpoint at login and Check endpoint at login and every x minutes thereafter prompts are displayed and you can configure EPC, as explained for the Global group.

Either select the Inherit group device profiles check box to use all defined Allow and Deny device profiles for the user.

In the Edit EPC page, select the profiles from the All Profiles list that you want to add for the user and click the Add selected profiles button. Selected profiles are then moved to the In Use Profiles list on the page, which lists all device profiles that will be used for the user.

To remove an Allow profile for the user, select the profile from the In Use Profiles list and click the Remove selected profiles button.

To add or remove a Deny profile for the user, click the Add Deny Profiles button and follow the preceding steps b and d.