Application context variables to use

You can use any of the following application contexts in your policy script:

  • context.lastAuthenticated: This specifies the date and time when the user was last authenticated by the Privileged Access Service. This can either refer to the last time that the user entered their user name and password, or the last time that they were automatically logged in by way of IWA. You can also call context.lastAuthenticated.ToString() to convert the returned date and time to a string value.
  • context.authLevel: This specifies the current authentication level. If the user has used regular authentication (no additional or Strong Authentication methods), the authentication level is 1. Level 2 is Strong Authentication.
  • context.onPrem: This specifies whether the user is currently logging in from inside the corporate intranet (as specified in the Corporate IP Range settings). This variable returns a boolean value. If you haven’t specified a Corporate IP Range, this context.onPrem is always false.
  • context.ipAddress: This specifies the user’s current IP address that is visible to the internet. If a user is logged in on your internal network, keep in the mind that the IP address is the address of the web proxy or NAT gateway.