Citrix Systems, Inc.
Dynamic access control to network resources using federated full domain logon

Abstract:

Methods and systems for granting or denying a client device access to one or more resources in a remote computing environment are described herein. During authentication, context information for the client device, such as device type, device location, etc., may be determined. A computing device in the system may receive data indicating the context information, such as data indicating that the user is at a particular location and/or is of a particular device type. One or more labels for a session associated with the user of the client device may be determined based on the data indicating the context information. The computing device may generate an authentication certificate comprising one or more labels. Based on the certificate, one or more access groups for the user of the client device may be determined, and the user of the client device may be granted or denied access to one or more resources according to the access group(s).