Expected location and VPN rules - Allow the use of groups
under review
Jordan Getley
At the moment, when creating an expected location or VPN rule, you get the option to apply this against either an identity, or the entire organisation. It would be useful to have an option to create groups within Huntress, and apply expected rules to them. This would help clean up the location and VPN rules dashboard, as we currently have to create multiple rules if there is ever an instance where multiple users would need access from either a specific location or VPN.
David Cloutier
This is a great use case, especially for K-12 and higher-ed. Different identity populations require different security postures.
For instance in our context - with students:
-VPN usage: allowed (no action needed)
-Login locations: flexible (e.g., multiple countries due to travel, family situations)
With faculty/staff:
-VPN usage: not allowed (account should be disabled or incident generated)
-Login locations: restricted (e.g., home country only)
Today, enabling "Deny All VPNs" or "Deny All Locations Outside Usage Location" forces these controls on everyone, which is too aggressive for students and not granular enough for staff. It will be so great to have the ability to scope Location Rules and VPN Rules to subsets of identities, not just the entire organization.
Ideally, this would include one or more of the following targeting options:
-Email domain–based scoping (e.g. Allow VPN usage for @students.example.ca, Deny VPN usage for @faculty.example.ca)
-Directory group–based scoping (Microsoft Entra / Azure AD)
-Apply rules based on Entra group membership (e.g., Faculty, Staff, Admins)
Yidel Steinfeld
Even better would be the ability to apply a location rule to an Entra group proactively; that way the escalation can be proactively avoided by adding the users at creation.
Cameron
This along with escalations being generated on an identity basis would be ideal.
I almost wonder if it would be best to implement a grouping system for this type of access across the board. As in, you can create a group of identities and a group of organizations; this would be ideal for management, as we would be able to quickly and easily filter objects into these groups and attach notes en masse.
Rich Mozeleski marked this post as under review
Hi Jordan Getley, this is something we're going to do but no timeline yet.
Jordan Getley
Rich Mozeleski That's perfect, thank you for confirming! It isn't a very urgent issue, it will just make managing rules easier in the long run.