After installing an agent, you configure the agent to control user access to protected resources. The following table describes how each agent configuration controls user access.
| Agent Configuration | Who Can Authenticate | Benefits |
| Unrestricted | All users in the same deployment as the agent. | Less administrative burden because there is no need to configure an agent as a restricted agent, associate user groups with agents, or manage user membership of the user groups associated with the agent. However, you can grant a user group that is associated with a logon alias access to an unrestricted agent. |
| Restricted | Members of any group directly granted access to the restricted agent. Members of a group nested within a group granted access to the restricted agent. | Increases security because only a subset of users is allowed to authenticate to the agent, which allows you to limit access to specific network resources. |
| Restricted with group access time restrictions | Members of a group or nested group who authenticate during a specified time. | Further restricts access to the agent by prohibiting authentication outside of a specified time period. |