LogoLogo
GoodAccess WebsiteRequest Free TrialDownload App
  • Getting Started
    • 1. What is GoodAccess?
    • 2. Architecture Overview
    • 3. Sign up for Free Trial
    • 4. Download App & Connect
  • 🖥️Configuration guides
    • Features
      • Zero Trust Access Control
        • Access Cards
        • Device Posture Check
        • Device Approval
        • Geo Restrictions
      • API Integration
        • API Reference
          • Members
          • Groups
          • Systems
          • Access Cards
          • Relations
          • Gateways
          • Logs
        • Acronis Integration
      • SIEM Integration
      • SSO/SCIM
        • Auth0
        • Cisco Duo
        • Google Workspace
        • JumpCloud
        • Microsoft Entra ID
        • Okta
        • OneLogin
        • Ping Identity
        • Universal (SAML)
      • MFA
      • Passkeys
      • MSI deployment
      • Threat Blocker
      • Custom Domain Blocking
      • DNS Management
      • Split Tunneling
      • Port Forwarding
    • Branch Connector
      • Cisco
      • Cisco Meraki
      • FortiGate
      • MikroTik
      • SonicWall
      • UniFi USG
      • Zyxel Nebula Control Center
      • Other supported routers and firewalls
    • Cloud Connector
      • AWS
      • Google Cloud
      • Microsoft Azure
      • Other Public Cloud providers
    • IP whitelisting
      • APACHE Web Server
      • AWS VPC
      • Azure (Office 365)
      • Google Cloud
      • Google Workspace
      • Magento
      • Microsoft IIS
      • NGINX
        • Domain
        • Subdomain
        • URL
      • OpenCart
      • PHP
      • PHPMyAdmin
      • Pipedrive
      • SalesForce
      • SSH server
      • WordPress
      • Zoho CRM
    • Linux
      • DEB repository
      • RPM repository
      • Manual installation
      • Linux Troubleshooting
  • 🆘FAQ & Troubleshooting
    • FAQ
      • Business
      • Technical
    • Troubleshooting
  • 📓Product Changelog
    • Windows
    • macOS
Powered by GitBook
On this page
  • Real-World Use Cases
  • Configuration guide
  • Step 1 - Members & Groups
  • Step 2 - Systems & Branches
  • Step 3 (optional) - Time Management
  • Enabling Access Cards
  • Not sure about the configuration?

Was this helpful?

  1. Configuration guides
  2. Features
  3. Zero Trust Access Control

Access Cards

Increase your organization's security with Access Cards. Define who can access your Systems and Clouds & Branches and when. Enforce granular, time-based restrictions to ensure secure, tailored access.

PreviousZero Trust Access ControlNextDevice Posture Check

Last updated 2 months ago

Was this helpful?

This feature is available in the Premium plan and higher.

Access Cards offer a powerful, flexible way to manage and secure access to your organization’s Systems and Clouds & Branches. As a core component of Zero Trust Access Control, Access Cards allow you to define not only who can access your resources but also when they are allowed to do so. This capability enhances security by ensuring that access is granted only during a set time period—whether it’s standard business hours, temporary project periods, or any custom schedule that meets your organization’s needs. For instance, you can implement Privileged Access Management (PAM) by issuing temporary Access Cards that grant administrators access to critical systems only when needed, with access automatically revoked after a predefined period (e.g., 24 hours). Similarly, you can enforce strict business-hour access policies to ensure users can access your systems only during approved operating times, thereby reducing off-hours vulnerabilities.

Unlike traditional access management, Access Cards automatically control FWaaS (Firewall-as-a-Service) in the background. This means there’s no need to manually configure firewall rules for identity-based access control—everything is handled automatically. This simplifies access control and makes it easy to implement even for non-technical users, similar to physical perimeter security.

By default, Access Cards are disabled and all Members have unrestricted access to all the defined Systems and Clouds & Branches.

Real-World Use Cases

Below are practical examples that show how Access Cards can simplify access management and enhance security in various scenarios.

1. Privileged Access Management (PAM) for Admin Accounts

Your company needs to grant administrative access to critical systems only when necessary. By default, no one has access to an admin interface. When an administrator requires access, you create an Access Card valid for a limited time (e.g., 24 hours). Once expired, access is automatically revoked—keeping your critical systems secure.

Key Benefits:

  • Minimized Attack Surface: No default admin access reduces the risk of unauthorized entry.

  • Full Visibility & Auditability: All administrative actions are logged, providing a clear audit trail.

  • Automated Expiry: Access is automatically revoked after the set time period, eliminating the need for manual intervention.

2. Temporary Employee or Contractor Access

Your company hires temporary employees or contractors who need access to internal systems for a limited time. Instead of manually revoking their access later, you create an Access Card with a set expiration date. Once the expiration time is reached, the Access Card is automatically disabled, ensuring they can no longer access the assigned systems.

Key Benefits:

  • Reduced Administrative Overhead: Automatic expiration means you don’t need to manually revoke access.

  • Enhanced Security: Ensures that temporary access doesn’t persist longer than required.

  • Time-Bound Access: Access is precisely limited to the necessary duration.

3. Restricting Access to Business Hours

Your organization operates between 9 AM and 5 PM. To prevent unauthorized system access outside of working hours, you configure an Access Card with specific time slot restrictions. This ensures employees can only access your systems during designated working hours, reducing security risks from off-hours access.

Key Benefits:

  • Enhanced Security: Limits system access to times when your organization is operational.

  • Reduced Risk: Minimizes the potential for off-hours breaches or unauthorized access.

  • Policy Compliance: Supports organizational policies and regulatory requirements.

4. Role-Based Access for Different Teams

Different teams within your organization require different access levels. For example, the IT team needs access to infrastructure systems, while the sales team only requires CRM access. With Access Cards, you can define granular access by assigning separate cards to each team, following the principle of least privilege—ensuring employees only have access to what they need.

Key Benefits:

  • Granular Control: Provides precise access permissions based on role requirements.

  • Improved Security: Reduces exposure by ensuring users only access what they need.

  • Simplified Management: Makes it easier to update or revoke access as team needs evolve.

5. Emergency Access for Incident Response Teams

Your cybersecurity team needs immediate access to sensitive systems during a security incident. Instead of permanently granting broad access, you issue a temporary Access Card that is valid only for the duration of the incident. Once the situation is resolved, access is automatically revoked when the card expires.

Key Benefits:

  • Immediate Availability: Quickly grants access when it’s most needed.

  • Limited Exposure: Temporary access minimizes prolonged security risks.

  • Comprehensive Audit Trail: All actions taken during the incident are logged for review.

6. Secure Access for Remote Workers

Your workforce is distributed across multiple time zones, and you need to align access permissions with employees’ working hours. With Access Cards, you can define access windows based on each user’s local time zone, ensuring they can securely connect without exposing systems to unnecessary risk.

Key Benefits:

  • Time Zone Flexibility: Customizes access windows based on local time.

  • Enhanced Security: Restricts access to approved time periods, reducing risk.

  • Consistent Policy Enforcement: Ensures uniform remote access practices across your organization.

7. Seasonal or Part-Time Employee Access

Your company hires seasonal workers who need access to internal sales and inventory systems only during peak seasons. By issuing Access Cards with pre-defined expiration dates, access is automatically revoked at season’s end, preventing former employees from accessing the systems.

Key Benefits:

  • Automated Revocation: Ensures access ends when it’s no longer needed.

  • Cost-Effective Management: Simplifies temporary access without additional manual processes.

  • Increased Security: Prevents unauthorized access after the designated period.

8. Guest Access for External Auditors or Partners

Your company occasionally collaborates with external auditors or business partners who need access to specific systems for a limited time. Instead of permanently granting access, you assign an Access Card with strict time and system access limitations. Once their assessment or project is complete, the Access Card expires, immediately disabling their access.

Key Benefits:

  • Controlled Exposure: Limits the extent and duration of external access.

  • Improved Security: Prevents permanent access by external parties.

  • Clear Audit Trails: All guest access is logged for compliance and monitoring.

Configuration guide

Click + Add Access Card, and give the Access Card a name (e.g., Developers, Marketing, Sales, etc.).

Step 1 - Members & Groups

Click + Add to assign individual Members or Groups who should access your protected Systems and Clouds & Branches.

Click Continue.

Step 2 - Systems & Branches

Click + Add to select which Systems and Clouds & Branches the chosen Members can access.

Click Continue.

Step 3 (optional) - Time Management

  • Timezone - Select the time zone in which you want to set your time restrictions.

  • Temporary access - Set an expiration date and time for the Access Card. Once expired, it is automatically disabled, cutting off access immediately.

  • Time slot restrictions - Define specific access time slots (e.g., business hours). Access outside these hours is restricted.

Click Submit to create the Access Card.

The Access Control rules will take effect immediately for all active Gateways.

Enabling Access Cards

Please note: Enabling Access Cards without any settings will prevent all Members from accessing your Systems and Clouds & Branches!

Check Enable Access Cards, and click Yes, enable!.

You have now successfully set up an Access Control rule that determines who can access what—and when.

Not sure about the configuration?

Get in touch with our who can help you understand how to effectively secure your organization with the Access Cards and help you configure it. This service is completely free.

🖥️
Log in to the GoodAccess Control Panel, and go to Access Control > Access Cards.
Solution Architect
Access Cards section of the GoodAccess Control Panel
Members & Groups
Systems & Branches
Time Management
Access Cards section of the GoodAccess Control Panel.
Step 1 of the Access Cards setup wizard.
Step 2 of the Access Cards setup wizard.
Step 3 of the Access Cards setup wizard.