Novell Doc: Novell Access Manager 3.1 SP1 SSL VPN Server Guide - Configuring Users to Connect Only in Enterprise Mode or Kiosk Mode

15.1 Configuring Users to Connect Only in Enterprise Mode or Kiosk Mode

You can configure client policies to user roles so that they can connect only in Enterprise mode or only in Kiosk mode.

In the Administration Console, click Devices > SSL VPNs > Edit.
Select Client Policies from the policies section.
The Client Policies page is displayed.

Select one of the following options:

Always Kiosk Mode: Select this option to force SSL VPN users to connect in Kiosk mode only, depending on the role of the user.

Always Enterprise Mode: Select this option to force SSL VPN users to connect in Enterprise mode only, depending on the role of the user.

Client Privilege Based Mode: Select this option to allow users to connect in either Enterprise mode or Kiosk mode, depending on their privileges. If you do not select any client modes for roles, the roles are by default configured for the Client Privilege Based Mode option.

NOTE:You cannot configure some roles to connect in Always Kiosk Mode and other roles to connect in Always Enterprise Mode. The two modes are mutually exclusive. However, if you configure some roles for one of these two modes, and do not configure some other roles for any mode, then such role are by default configured for the Client Privilege Based Mode.

For example, you cannot configure the Sales role for the Always Kiosk Mode and the Finance role for the Always Enterprise Mode. However, if you configure the Sales role for either Always Kiosk Mode or Always Enterprise Mode and do not configure the Finance role for any mode, the Finance role is by default configured for the Client Privilege Based Mode.
To configure the role for which the Client policy should be applicable, specify the following information:

Role (s): The role to which the client policy applies. If the role is created in the Identity Server, it is displayed in Available Roles by default.

The role is case-sensitive. If the role configured is Employee and the Identity Server sends a request for employee, the rule is not pushed to the client.

Manage Roles: To assign a client policy to user-defined roles, click the Manage Roles button. Click the Add Role icon to add roles or click the Remove selected role icon to delete roles. Click OK to confirm your changes, or click Cancel to discard them.

Available Roles: Select the role for which you want to assign the client policy and click the forward arrow to send it to Assigned Roles. If you want to assign a client policy to multiple roles, press the Ctrl key when selecting the roles.

Assign Roles: Lists the roles for which a client policy is assigned.

If some roles are not explicitly configured for a mode, they are assigned to the Client Privileged Mode by default.
To save your modifications, click OK, then click Update on the Configuration page.