Conditional access to specific users?

Hi

Is it possible to manage from which devices users are able to connect to our managed Teamviewer hosts? We don't want to allow users connecting to our resources from any device, through TeamViewer Management Console portal or TeamViewer client.

Example "policy":

User A is only allowed to create a remote control session to corporate Teamviewer resources from User A's corporate device.

Is this possible to implement from TeamViewer management policy perspective?

Best Answer

Answers

  • Anyone?

  • JoshP
    JoshP Posts: 896 Senior Moderator

    Hello @tvuser12,

    Thank you for your post. 

    You do have the ability to restrict remote access to your devices by using the Black and Whitelist feature of TeamViewer! 

    You can find the feature easily by clicking in your TeamViewer fullversion on Extras --> Options --> Security --> Black and Whitelist.2018-10-23 09_43_36-TeamViewer.png

    With a whitelist set up, you can restrict who can connect to the devices by simply adding their credentials to the whitelist itself.2018-10-23 09_55_18-TeamViewer.png

    Usually, you would add user accounts to the whitelist, to ensure they can only access devices when logged in. However, this would mean any device they log in to their TeamViewer account with could access said devices.

    In your case, where you want to restrict which devices can access the managed hosts,you can instead add the TeamViewer ID of the approved devices; this is done by clicking Configure and then Manually Add Contact to your whitelist, as seen above.

    To apply a whitelist "en masse" to all of your managed hosts, you can set this in a TeamViewer policy, via Design & Deploy in the Management Console 2018-10-23 10_02_20-TeamViewer Management Console.png

    For more information on whitelists, please see the following knowledgebase article.

    Hope this helps!

    Josh P.

    Senior Community Moderator

    ---

  • So there is no way to restrict access from specific devices centrally from the Management Console? Only manually at the Host configuration? This is a no go for us, it would mean manual work for hundreds of computers.
  • JoshP
    JoshP Posts: 896 Senior Moderator

    Hello @tvuser12,

    Great question!

    The black and whitelist can be set up and deployed via a TeamViewer Policy, which can be set up in the Management Console 2018-10-24 09_50_19-TeamViewer Management Console.png2018-10-24 09_50_45-TeamViewer Management Console.png2018-10-24 09_51_07-TeamViewer Management Console.png

    If you already have a Policy deployed to the devices, simply add the black and whitelist to the current policy. You only need set it up once, and after it will be deployed to all managed devices.

    If you do not have a policy, simply create a new one by clicking the +Add Policy button! Add the whitelist and any other parameters you would like to remotely control/prevent users from modifying to a new policy, and once done you will be able to push it to all assigned devices.

    Hope this helps clarify!

    Josh P.

    Senior Community Moderator

    ---