Secure Mobile Access 12.4 Administration Guide

Scenario 1: Employees Connecting from IT-Managed Laptops

This scenario begins with an employee connecting to the appliance using an IT-managed laptop:

  1. The user connects to the appliance, logs in to the realm Employees, and is assigned to the Full-time employees community.
  2. After the user authenticates, the client device is interrogated to determine if it matches any device profiles belonging to the zones referenced by the Full-time employees community. Device profiles are evaluated by zone, starting with any Deny zones and then proceeding through the zones listed for the community.
  3. The appliance finds that the client doesn’t match the device profile for the Deny zone (Block-access), so it proceeds to check the profile for the IT-managed zone. The IT-managed zone references a device profile named Trusted laptop. The appliance determines that the user’s device attributes match that particular device profile (a registry key entry, antimalware software, and an application).
  4. Based on that match, the appliance classifies the device into the IT-managed zone and doesn’t evaluate the subsequent zones in the list for that community.
  5. The IT-managed zone is not configured to require a data protection tool on the client. The appliance then provisions the access agent configured for the Full-time employees community, and the user is able to access the appropriate network resources.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.