Access Cards
Increase your organization's security with Access Cards. Define who can access your Systems and Clouds & Branches and when. Enforce granular, time-based restrictions to ensure secure, tailored access.
Last updated
Was this helpful?
Increase your organization's security with Access Cards. Define who can access your Systems and Clouds & Branches and when. Enforce granular, time-based restrictions to ensure secure, tailored access.
Last updated
Was this helpful?
This feature is available in the Premium plan and higher.
Access Cards offer a powerful, flexible way to manage and secure access to your organization’s Systems and Clouds & Branches. As a core component of Zero Trust Access Control, Access Cards allow you to define not only who can access your resources but also when they are allowed to do so. This capability enhances security by ensuring that access is granted only during a set time period—whether it’s standard business hours, temporary project periods, or any custom schedule that meets your organization’s needs. For instance, you can implement Privileged Access Management (PAM) by issuing temporary Access Cards that grant administrators access to critical systems only when needed, with access automatically revoked after a predefined period (e.g., 24 hours). Similarly, you can enforce strict business-hour access policies to ensure users can access your systems only during approved operating times, thereby reducing off-hours vulnerabilities.
Unlike traditional access management, Access Cards automatically control FWaaS (Firewall-as-a-Service) in the background. This means there’s no need to manually configure firewall rules for identity-based access control—everything is handled automatically. This simplifies access control and makes it easy to implement even for non-technical users, similar to physical perimeter security.
By default, Access Cards are disabled and all Members have unrestricted access to all the defined Systems and Clouds & Branches.
Below are practical examples that show how Access Cards can simplify access management and enhance security in various scenarios.
Your company needs to grant administrative access to critical systems only when necessary. By default, no one has access to an admin interface. When an administrator requires access, you create an Access Card valid for a limited time (e.g., 24 hours). Once expired, access is automatically revoked—keeping your critical systems secure.
Key Benefits:
Minimized Attack Surface: No default admin access reduces the risk of unauthorized entry.
Full Visibility & Auditability: All administrative actions are logged, providing a clear audit trail.
Automated Expiry: Access is automatically revoked after the set time period, eliminating the need for manual intervention.
Your company hires temporary employees or contractors who need access to internal systems for a limited time. Instead of manually revoking their access later, you create an Access Card with a set expiration date. Once the expiration time is reached, the Access Card is automatically disabled, ensuring they can no longer access the assigned systems.
Key Benefits:
Reduced Administrative Overhead: Automatic expiration means you don’t need to manually revoke access.
Enhanced Security: Ensures that temporary access doesn’t persist longer than required.
Time-Bound Access: Access is precisely limited to the necessary duration.
Your organization operates between 9 AM and 6 PM. To prevent unauthorized system access outside of working hours, you configure an Access Card with specific time slot restrictions. This ensures employees can only connect during designated working hours, reducing security risks from off-hours access.
Key Benefits:
Enhanced Security: Limits system access to times when your organization is operational.
Reduced Risk: Minimizes the potential for off-hours breaches or unauthorized access.
Policy Compliance: Supports organizational policies and regulatory requirements.
Different teams within your organization require different access levels. For example, the IT team needs access to infrastructure systems, while the sales team only requires CRM access. With Access Cards, you can define granular access by assigning separate cards to each team, following the principle of least privilege—ensuring employees only have access to what they need.
Key Benefits:
Granular Control: Provides precise access permissions based on role requirements.
Improved Security: Reduces exposure by ensuring users only access what they need.
Simplified Management: Makes it easier to update or revoke access as team needs evolve.
Your cybersecurity team needs immediate access to sensitive systems during a security incident. Instead of permanently granting broad access, you issue a temporary Access Card that is valid only for the duration of the incident. Once the situation is resolved, access is automatically revoked when the card expires.
Key Benefits:
Immediate Availability: Quickly grants access when it’s most needed.
Limited Exposure: Temporary access minimizes prolonged security risks.
Comprehensive Audit Trail: All actions taken during the incident are logged for review.
Your workforce is distributed across multiple time zones, and you need to align access permissions with employees’ working hours. With Access Cards, you can define access windows based on each user’s local time zone, ensuring they can securely connect without exposing systems to unnecessary risk.
Key Benefits:
Time Zone Flexibility: Customizes access windows based on local time.
Enhanced Security: Restricts access to approved time periods, reducing risk.
Consistent Policy Enforcement: Ensures uniform remote access practices across your organization.
Your company hires seasonal workers who need access to internal sales and inventory systems only during peak seasons. By issuing Access Cards with pre-defined expiration dates, access is automatically revoked at season’s end, preventing former employees from accessing the systems.
Key Benefits:
Automated Revocation: Ensures access ends when it’s no longer needed.
Cost-Effective Management: Simplifies temporary access without additional manual processes.
Increased Security: Prevents unauthorized access after the designated period.
Your company occasionally collaborates with external auditors or business partners who need access to specific systems for a limited time. Instead of permanently granting access, you assign an Access Card with strict time and system access limitations. Once their assessment or project is complete, the Access Card expires, immediately disabling their access.
Key Benefits:
Controlled Exposure: Limits the extent and duration of external access.
Improved Security: Prevents permanent access by external parties.
Clear Audit Trails: All guest access is logged for compliance and monitoring.
Log in to the GoodAccess Control Panel, and go to Access Control > Access Cards.
Click + Add Access Card, and give the Access Card a name (e.g., Developers, Marketing, Sales, etc.).
Click + Add to assign individual Members or Groups who should access your protected Systems and Clouds & Branches.
Click Continue.
Click + Add to select which Systems and Clouds & Branches the chosen Members can access.
Click Continue.
Timezone - Select the time zone in which you want to set your time restrictions.
Temporary access - Set an expiration date and time for the Access Card. Once expired, it is automatically disabled, cutting off access immediately.
Time slot restrictions - Define specific access time slots (e.g., business hours). Access outside these hours is restricted.
Click Submit to create the Access Card.
The Access Control rules will take effect immediately for all active Gateways.
Please note: Enabling Access Cards without any settings will prevent all Members from accessing your Systems and Clouds & Branches!
Check Enable Access Cards, and click Yes, enable!.
You have now successfully set up an Access Control rule that determines who can access what—and when.
