Currently this functionality/feature does not exist for the Collaboration Edge solution. Enhancement requests CSCus94318 and CSCux35528 are already filed for this feature.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCus94318
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux35528

You can try one of the following workarounds:

• By default RemoteAccess parameter in JabberConfig.xml is set to ON. So either set it to OFF globally via jabber-config.xml and then apply group config to those who need it or (if only few users need to be restricted) just set it to OFF to selected devices via group config file. One thing worth mentioning is that for this parameter to work config files must be downloaded first so if the RemoteAccess is set ON globally - first (external) login would still work, but then additional group config would be downloaded and subsequent logins wouldn't work. If they would login internally first then first external login wouldn't work.

• If you are using a single domain then there is no way to restrict the access. In the case of multiple Domain, you can make one Domain only for internal and have that Domain assigned to users you want to restrict connect from outside. For other users you can assign separate domain which should allow access for users from outside. If you have single domain, currently Expressway does not have any method to differentiate users accessibility as all users will be using same Domain.

I assume if it cant be done use .xml on Jabber, then a way to prevent it on hardphones is not an option at this moment.

Much like a Phone VPN profile was allowed for Annyconnect, there is not control once Expressway is provisioned to prevent phones from leaving the company and attempting to use MRA

Hi!

May be it is possible to limit access by using SSO for external authentication?