Overview of Personal Device Authorization feature in SMA 8.5
03/26/2020 9 12730
Because Bring-Your-Own-Device (BYOD) has increased in popularity, IT experts are beginning to allow access to their networks. While the convenience is undeniable, the inherit risks that come with that kind of exposure must be managed. The Personal Device Authorization (PDA) feature is designed to help IT experts deal with this by utilizing the SMA appliance.
With the new PDA feature enabled, when a user attempts access to the secured network with an unregistered device, they must register that device and agree to the corporate and privacy policies in order to continue. Registration uses the device's unique Device ID for authorization, allowing future access unless revoked by you. You are able to configure and monitor all access.
Enable PDA feature
To enable PDA feature, login the management interface and navigate to Device management > Settings > Register Settings, select Enforce Device Register, then click Accept button to save the changes.
There are two options under Approve Method: Auto and Manual. The Manual mode means that each device first registered by one user is set to the “pending” or “wait for the administrator to approve” status. The Auto mode matches the registered devices with the device policies created by you. The device takes on the policies defined action when a policy is matched. If no matches are found, the device is set as approved by the system. The Auto mode can reduce your workload.
Note: You can customize register settings in domain level as well. And the domain level settings have a high priority than global settings.
ActiveSync Provision Settings
ActiveSync Provision Settings can be applied specifically to ActiveSync devices. Provision settings can override the settings on a backend Exchange server. Mobile devices are not able to sync when the Provision settings are not satisfied.
You can list a set of email addresses here. When a new registration request arrives, an email notification is sent to these addresses notifying the recipients to handle the request. The notification email’s Subject and Message can be customized.
Device policies are applied to the situation when the approve method is set to Auto. This can reduce your workload.
There are two types of device policies: Device Id and OS. The Device Id has a higher priority than OS by default.
There are also two Operators: Matches Regex and Equals String. Equals String is case sensitive. Equals String has priority to Matches Regex by default.
The Action option has three choices: Pending, Approve, and Reject. The device takes on the defined action when it matches the policies.
PDA for portal login
PDA for portal login currently is only supported in Desktop. All cases of PDA for the portal login are listed as
1, Upon first login, a security statement pops up after login authentication.
2, You would not be allowed access even if you accept to register your device when the device approval method is set to “Manual.” You must still wait for an administrator to approve your device.
3, However, you would not be allowed access if you have refused to register your device.
4, Also, you would not be allowed to register your device or gain access for it if you had already registered three devices.
5, Finally, you also cannot register your device or gain access for it if your “register device” request has been rejected by the administrator.
PDA for SMA Clients
Clients including Mobile Connect, NetExtender, Virtual Assist, and Virtual Meeting are currently not supported for the PDA feature in the RTQA build (no need to support “guest login”). Clients will be supported in a future build.