Limiting devices per user by LDAP group membership

You can limit the number of allowed devices per user, using LDAP group membership as the conditional limiter. You can:

  • Select a global device limit of 0-50 devices per user
  • Add LDAP user groups to the LDAP group-specific device limit table
  • Edit LDAP user groups
  • Delete LDAP user groups from the device limit table
  • Set the device limit precedence setting: you can choose whether the standard device limit takes precedence over LDAP membership-specific device limits, or LDAP group-specific device limits take precedence over the standard device limit (for all applicable users). For example, you could set a global device limit of four devices, but restrict members of specific LDAP groups to one or two devices.

Before you begin 

You must have previously configured an LDAP server to support LDAP groups before you can set per-user device limits.

Procedure

  1. From the Admin Portal, go to Settings > System Settings > Users & Devices > Registration page.

    In the Per-User Device Limit section, enter the following information:

    Figure: Registration page, Per-User Device Limit section

  2. Per-User Device Limit (1‑50, or none): Set the default number of devices each user can register with Ivanti EPMM. This is the "standard" device limit, which by default takes precedence over LDAP membership-specific device limits. You can change this priority by selecting a device limit precedence setting (step 5).

  3. LDAP group specific device limit: This setting allows you to create LDAP group-specific device limits that vary from the default device limit you set as the per-user device limit.

    1. From below the LDAP group table, select Add+. The Add LDAP Group Specific Device Limit dialog box opens.

      Figure: Registration page, Add LDAP Group Specific Device Limit dialog box

    2. Select a configurable LDAP server from the Select LDAP Server drop-down.
    3. Select a group from the LDAP Group drop-down.
    4. Select the device limit (1-50) from the Select device limit field.
    5. Select Add.
  4. Select a device limit precedence setting:

    1. Standard device limit takes precedence over LDAP membership-specific device limit for all applicable users.
    2. LDAP group-specific device limit takes precedence over standard device limit for all applicable users.
  5. Select Add to save your changes.

Editing or Deleting an LDAP group-specific device limit

You can modify or delete your LDAP group-specific device limits from the LDAP group-specific device limit table.

Procedure 

  1. Locate the LDAP group that you want to edit or delete in the LDAP group-specific device limit table.

    Figure: Registration page, LDAP group-specific device limit table

  2. Select Edit to re-open the Add LDAP Group Specific Device Limit dialog.
  3. Select Delete to delete the LDAP group-specific device limit.