Category Filter

How to Restrict User Login Time on Mac devices

To keep the data and resources in your work managed macOS devices secure, the IT admins must employ stringent access control mechanisms. The Time Limits policy for macOS restricts the users from logging into the machine for the specified time period. This policy can also be used to control or block the users’ access to devices for the set time over the week.


Ensure that Parental Controls are enabled for the user in the respective device’s System Preferences.

Creating Time Limit Policy

Specify the duration for which you wish to allow or prevent user access to the Mac via the policy.

Restrict User Login Time on Mac devices using Hexnode MDM - Time Limit Policy

  1. From your Hexnode MDM dashboard, navigate to Policies > New Policy. Assign a suitable name and description (optional) for the policy. You can also choose to continue with an already existing policy.
  2. Go to macOS > Security > Time Limits. Click Configure.
  3. Check the option Enable access limit to enforce time limit restrictions on the Mac device. Choose from the other available options based on your requirement:
    • Allow access on weekdays– Allows access to the device from Monday to Friday for the specified duration.
    • Allow access on weekends– Allows access to the device on weekends (Saturday and Sunday) for the specified duration.

    • You can set time limits from 15 minutes up to 8 hours.
    • If “–” is selected no access limits are enforced on the user.
    • User login is restricted after the allowed time limit. If the device is in use, the user will be logged out automatically.

    Restrict User Login Time on Mac devices using Hexnode MDM - Allow Access

  4. Check the option Prevent access to set the time duration for which user should be restricted from logging in to the device. Specify the time limit at which access has to be blocked at Prevent access from _ to _ (based on 24-hour clock).

    The exact time set under Prevent access option gets applied in accordance with the time zone of the device. For example, if Prevent access is set between 13:00 to 14:00 on a device located at US, the user gets logged out automatically at 1 PM US time.

    Restrict User Login Time on Mac devices using Hexnode MDM - Prevent Access

  5. Click Save.

Associating policies with target devices

If you are editing an existing policy,

  1. Navigate to Policy Targets.
  2. Go to Devices / Device Groups / Users / User Groups / Domains.
  3. Select the target entities and click OK.
  4. Click on Save.

If you have already saved the policy,

  1. Navigate to Policies and choose the policy.
  2. From Manage drop-down, select Associate Targets.
  3. Choose the target entities and click Associate.

You can also associate the policy from the Manage tab.

  1. Navigate to Manage > Devices.
  2. Choose the target devices or device group.
  3. Click on Manage drop-down and select Associate Policy.
  4. Choose the desired policy and click Associate.


A user with admin privileges can override the policy to change the time limits while logging in to the device. Any existing or new Time Limit policy comes into effect only after the time extension requested by the device admin is up.

Restrict User Login Time on Mac devices using Hexnode MDM - Login Override