SPP Entitlements connect to SPS profile

My question is about the connection policy between SPP and SPS:

  • In SPP, in Entitlements, there is an option to choose which connection policy to use for RDP, SSH when connecting through SPS
  • How do we create the connection option in SPS, and what do we configure in the connection options, so that when the connection is selected in SPP, the system uses the selected connection to go through the SPS?

So, the problem is:

  • we have User1 in SPP who initiates an RDP, SSH connection and needs to connect to the Asset and have a Content Policy that blocks some Windows titles and some commands
  • we have User2 in SPP who initiates an RDP, SSH connection and connects to the Asset, and this User2 must have a Content Policy without blocking
  • In SPP, in Entitlements, there is an option to choose between different Connection Policies to use for SPS, but the system always uses the first one in SPS, not the one that is in the entitlement
  • and this is regardless of what IP address is in the From field in the SPS connection and what the IP of the computer is from where the connection is initiated

In SPS there are 2 connections:

  1. Limited, that is coming from 192.168.1.11
  2. Default, that is coming from 0.0.0.0

If we connect and initiate a connection from a computer with the 192.168.1.11 IP address via the SPP web console, the connection goes through 1. Limited

If we connect and initiate a connection from a computer with any other IP address via the SPP web console, the connection again goes through 1. Limited (and does not use the Default connection that is written in the Entitlement)

Please help me, how can we resolve this?

  • You may have to use a different RDP port in the SPS connection policy, for example:

    1. Limited from 192.168.1.11 > use RDP port in SPS as 3399

    2. Default from 0.0.0.0 > use RDP port in SPS as 3389

    That way you can separate each connection by port number; otherwise the first connection will always match on port 3389 and get denied on IP address due to the limitation of the From IP.

    It may take a few minutes after changing the ports for SPP to pick up the changes, and then you can test again.

    If you need assistance with the new configuration, I would recommend consulting with the One Identity Professional Services team by discussing with your account manager.

    Thanks!