Category filter

How to Restrict User Login Time on Mac devices

Apple supports various in-built device usage restrictions on Mac. They help Administrator users limit the device activities of other user accounts. Organizations benefit from it as it enables them to set up downtime on corporate-owned macOS devices to block users’ access. Restricting user login time on the device ensures that the device is accessed only during effective hours. It would prevent illicit access to the device during the specified time, even if the user account credentials were compromised. The Time Limits policy for macOS restricts the users from logging into the machine for the specified time duration and is never misused for unlawful activities. Thus, the administrator need not hover over each account on the device manually to configure the usage limitations.


  • This feature is supported only on Ultimate and Ultra pricing plans.
  • Ensure that Parental Controls are enabled for the user in the respective device’s System Preferences.

Creating Time Limit Policy for Mac

Specify the duration for which you wish to allow or prevent user access to the Mac via the policy.

Restrict User Login and Access on Mac devices using Hexnode MDM - Time Limit Policy

  1. From your Hexnode MDM dashboard, navigate to Policies > New Policy. Assign a suitable name and description (optional) for the policy. You can also choose to continue with an already existing policy.
  2. Go to macOS > Security > Time Limits. Click Configure.
  3. Check the option Enable access limit to enforce time limit restrictions on the Mac device. Choose from the other available options based on your requirement:
    • Allow access on weekdays– Allows access to the device from Monday to Friday for the specified duration.
    • Allow access on weekends– Allows access to the device on weekends (Saturday and Sunday) for the specified duration.

    • You can set time limits from 15 minutes up to 8 hours.
    • If “–” is selected no access limits are enforced on the user.
    • User login is restricted after the allowed time limit. If the device is in use, the user will be logged out automatically.

    Restrict User Login Time on macOS devices using Hexnode MDM - Allow Access

  4. Check the option Prevent access to set the time duration for which user should be restricted from logging in to the device. Specify the time limit at which access has to be blocked at Prevent access from _ to _ (based on 24-hour clock).

    The exact time set under Prevent access option gets applied in accordance with the time zone of the device. For example, if Prevent access is set between 13:00 to 14:00 on a device located at US, the user gets logged out automatically at 1 PM US time.

    Restrict User Login Time of macOS users using Hexnode MDM - Prevent Access

  5. Click Save.

Associating policies with macOS devices

If you are editing an existing policy,

  1. Navigate to Policy Targets.
  2. Go to Devices / Device Groups / Users / User Groups / Domains.
  3. Select the target entities and click OK.
  4. Click on Save.

If you have already saved the policy,

  1. Navigate to Policies and choose the policy.
  2. From Manage drop-down, select Associate Targets.
  3. Choose the target entities and click Associate.

You can also associate the policy from the Manage tab.

  1. Navigate to Manage > Devices.
  2. Choose the target devices or device group.
  3. Click on Manage drop-down and select Associate Policy.
  4. Choose the desired policy and click Associate.


A user with admin privileges can override the policy to change the time limits while logging in to the device. Any existing or new Time Limit policy comes into effect only after the time extension requested by the device admin is up.

What happens at the device end?

When the session times out, the user is logged out from the desktop and, if configured as such, shown an option to sign in again with admin credentials.

Settings to regulate User Login on Mac device using admin account
  • Managing Mac Devices