Secure Mobile Access 12.4 Administration Guide

Scenario 5: Employee Connects from a Mobile Device

In this scenario, an employee connects to the appliance from a mobile device outside of the corporate office. To establish an association between a particular user and his or her device (in case the device is misplaced or lost), the administrator has collected the user name and IMEI (International Mobile Equipment Identity) number for each device, and has added each IMEI number to the corresponding user account on the Active Directory server. The administrator has also created a device profile named Mobile resources that verifies that user/IMEI association.

When a user logs in, the sequence is:

  1. The user connects to the appliance, logs in to the realm Employees by entering a user name and password, and is then assigned to the Mobile employees community.

  2. After the user authenticates, the client device is interrogated (using a device profile for the zone referenced by the Mobile employees community) and its IMEI number is determined.

  3. The IMEI number is compared against the one that is associated with the user in the AD directory. If there’s a match, the user is allowed access to mobile device-specific links; otherwise he or she is denied access.

  4. Optionally, the user may be prompted to authorize the VPN connection from the personal device.

Checking for an IMEI number works only on wide area networks (WAN), not WiFi, and the WAN service must be on for the post-authentication process to determine the IMEI number on the mobile device.
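The comparison in step 3 can be modeled as follows. This is an added illustration in Python, not appliance or SonicWall code: the `DIRECTORY` dict stands in for the AD attribute, the function names and sample IMEIs are constructed, and the Luhn check-digit test is an assumed hygiene step for catching mistyped IMEIs before they are added to AD. Treating an undetermined IMEI (for example, a WiFi-only connection) as a denial is also an assumption.

```python
import hmac
import re

# Constructed stand-in for the IMEI stored on each AD user account.
DIRECTORY = {
    "alice": "490154203237518",    # valid sample IMEI
    "bob": "490154203237519",      # mistyped on entry: check digit is wrong
}

def normalize_imei(raw):
    """Drop spaces, dashes, slashes and dots; return 15 digits or None."""
    if raw is None:
        return None
    digits = re.sub(r"[\s\-./]", "", raw)
    return digits if re.fullmatch(r"\d{15}", digits) else None

def luhn_ok(imei):
    """True if the last digit is the Luhn check digit of the first 14."""
    total = 0
    for i, ch in enumerate(reversed(imei)):
        d = int(ch)
        if i % 2 == 1:             # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def check_device(user, reported_imei, directory=DIRECTORY):
    """Return (allowed, reason) for the post-authentication IMEI check."""
    stored = normalize_imei(directory.get(user))
    if stored is None or not luhn_ok(stored):
        return False, "no valid IMEI on record"
    reported = normalize_imei(reported_imei)
    if reported is None:           # e.g. device on WiFi, IMEI not determined
        return False, "IMEI not determined"
    if hmac.compare_digest(stored, reported):
        return True, "match"
    return False, "mismatch"

if __name__ == "__main__":
    for user, imei in [("alice", "49-015420-323751-8"), ("alice", None),
                       ("alice", "352099001761481"), ("bob", "490154203237519")]:
        print(user, imei, check_device(user, imei))
```

Running `luhn_ok` over the collected IMEI list before loading it into the directory surfaces entry errors such as the one on the constructed `bob` record, which would otherwise show up only as a denied login.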

To track service by mobile device and user, you can process audit log files for network proxy, Web proxy, or tunnel clients.
