Registration Control; Setting Registration Restriction Policy; Viewing The Allow And Deny Lists; Activating Use Of Allow Or Deny Lists - TANDBERG Gatekeeper User Manual

8.

Registration Control

The TANDBERG Gatekeeper can control which endpoints are allowed to register with it. Two separate
mechanisms are provided: a simple Registration Restriction Policy, and an authentication process based
on user names and passwords. It is possible to use both mechanisms at once: authentication to verify
an endpoint's identity from a corporate directory, and registration restriction to control which of those
authenticated endpoints may register with a particular Gatekeeper.
8.1.

Setting Registration Restriction Policy

When an endpoint registers with your Gatekeeper it presents a list of aliases. You can control which
endpoints are allowed to register by including any one of its aliases on the Allow List or the Deny list.
Entries on the Allow and Deny Lists are in the form of patterns. When an endpoint attempts to register,
each of its aliases are compared with the patterns in the relevant list to see if they match. A pattern can
either specify an exact alias, or use wildcards to specify a group of aliases whose registration you want
to control.
For example, if the Registration Restriction policy is set to Deny and an endpoint attempts to register
using three aliases, one of which matches a pattern on the Deny list, that endpoint's registration will be
denied. Likewise, if the Registration Restriction policy is set to Allow, only one of the endpoint's aliases
needs to match a pattern on the Allow list for it to be allowed to register using all its aliases.
8.1.1.
To view the entries in the Allow and Deny lists, either issue the following commands:
xConfiguration Gatekeeper Registration AllowList
xConfiguration Gatekeeper Registration DenyList
or go to Gatekeeper Configuration
Registrations
8.1.2.
To activate the use of Allow or Deny lists when determining which aliases are allowed to register with the
Gatekeeper, either issue the following command:
xConfiguration Gatekeeper Registration RestrictionPolicy
[None|AllowList|DenyList ]
or go to Gatekeeper Configuration
restriction policy
The options are as follows:
None (default)
AllowList
DenyList
Note: Allow Lists and Deny Lists are mutually exclusive: only one may be in use at any given time.

Viewing the Allow and Deny lists

-> Restrictions. The Allow and Deny list entries appear in the
and Denied Registrations boxes respectively (see Figure 17).

Activating use of Allow or Deny lists

> Restrictions
drop-down menu .
Any endpoint may register.
Only those endpoints with an alias that matches an entry in the Allow List may
register.
All endpoints may register, unless they match an entry on the Deny List.
TANDBERG Gatekeeper User Guide
and select one of the options from the
Allowed
Registration
Page 36 of 105