Enforce user logon restrictions with contextual access management

Use the contextual information around a user’s logon to authorize, deny, or limit how a user can access the network, alongside multi-factor authentication (MFA).

  • Ensure appropriate employee access without frustration
  • Enhance security without adding work for IT
Start a free trial Book a Demo
Control and protect

Restrict access based on contextual factors

Go beyond existing Active Directory capabilities to easily apply customized login restrictions by user, group, or organizational unit (OU). Automatically block any logon attempts that don’t satisfy these granular access control security policies.



Limit access by workstation, device, IP range, organizational unit (OU), department and country.
Learn more


Limit access to specific hours, set daily, weekly, or monthly time quotas, maximum session times, and idle session time.
Learn more

Session typeSession type

Session type

Control workstation, terminal, Wi-Fi, VPN, IIS and SaaS sessions to protect both interactive sessions and network access for remote and mobile users.
Learn more

Simultaneous Connections

Simultaneous Connections

Limit the number of initial access points and prevent concurrent sessions from a single user identity.
Learn more

Why choose contextual access management?

  • Enhance security
    Adapt your security measures to the situation, and drastically reduce both the risk of a data breach and the burden on your team. Context-aware access controls are especially useful to secure remote employee access.
  • React in real time
    Ensure access security remains intact thanks to UserLock’s real-time enforcement of context-based access restrictions.
  • Prevent threats proactively
    Identify suspicious access attempts before they escalate. UserLock’s contextual approach allows you to easily spot anomalies and take action to mitigate potential threats.

  • Keep end users happy
    Choose your own balance between security and usability, and create a seamless, efficient experience for end users.

Deliver the right access, at the right time, to the right person

Set effective restrictions granularly to protect against unauthorized access, even if credential compromise happens.

  • Set restrictions by user, group or OU
  • Restrict access by machine or workstation
  • Deny simultaneous connections
  • Limit access to specific timeframes
  • Secure VPN access to an authorized machine
  • Protect any remote access
  • Apply temporary controls

Explore common use cases

View all contextual logon restrictions for specific users, groups or OUs

Example: Display restrictions set for the user Alice:

Initial access points

Limited to 1

Workstation sessions

Limited to 1

Terminal sessions

Limited to 0

Restriction settings

Authorized the following list






Restriction settings

Authorized the following list


Mon to Fri: 08:00:00 to 19:00:00


Saturday: 09:00:00 to 13:00:00

Action to take in case of overtime

Logoff session

Maximum session lenght

Limited to 15 min

Logoff notification timeout

Limited to 5 min



Allow to logoff an existing session if the number of allowed sessions has already been reached


Allow only one unlocked interactive session


Display the welcome message


Warn users in real time of all connection events involving their credentials


Meet compliance with context-aware access controls

Demonstrate system access controls, user identity verification, shared login restrictions, and simultaneous login prevention to meet compliance and insurance requirements.
Learn how UserLock supports compliance:


Address GDPR compliance
to keep personal data safe


Address HIPAA compliance
to keep patient data safe


Address PCI DSS compliance to keep sensitive cardholder data safe

Sarbanes Oxley’s (SOX)

Comply with Sarbanes Oxley’s (SOX) security regulations

ISO 27001

Address network and information access for ISO 27001 compliance

NIST 800-53

Address NIST 800-53 and NIST 800-171 compliance to keep federal data safe

Combine contextual access management with strong authentication and session management

For optimal security, use contextual access management alongside UserLock’s powerful authentication and session management capabilities.

Multi-factor authentication (MFA)

Add an extra layer of security beyond credentials to make sure only the right people gain access.

Single sign-on (SSO)

Combine SSO with MFA to quickly, securely offer access across a hybrid environment.

Session management

Monitor, alert and respond to all Active Directory user logon events.


Request a personalized demo now

Discover how UserLock can help you meet your needs.