Secure Mobile Access 12.4 Administration Guide

Configuring Personal Device Authorization

With Personal Device Authorization, users who connect to the corporate network with a personal device that is not registered with the appliance are prompted to register the device. They must agree to the personal device corporate policies and privacy policies to access corporate resources.

After the user consents to the corporate policies for a device, the device’s unique Device ID is determined and the appliance registers the device to the user. Subsequent connections from this device do not require device authorization.

In addition, you can monitor usage of personal devices that have accessed the appliance, as explained in Viewing User Access and Policy Details.

To create a Device Zone for Personal Device Authorization

  1. Navigate to the User Access > End Point Control page.

  2. In the Zones and Profiles section, click Edit next to Zones.

  3. Select Device zone from the Filters Type drop-down menu, and then click the Refresh icon.

    All device zones are displayed.

  4. Click on any zone to display Device profiles.

    Only those profiles that are Application Access Control aware are included in the profiles.

  5. In the All Device Zone Profiles list, select the checkbox for any profiles that you want to require in the zone.

  6. Click the right arrow (>>) button. Only one of the profiles in the In Use list needs to match for the application to be placed in the zone you are creating.

    If there are no device profiles for this zone, click New to add one.

  7. Expand Device authorization.

  8. Check the top checkbox in the Device Authorization area to require users to authorize their personal device before a VPN connection is established. By default, this checkbox is checked when EPC is enabled for application zones.
  9. To change the authorization terms that users must agree to, type the desired authorization terms in the Terms section of the Device Authorization area. The Device Authorization checkbox must be checked to edit the terms.
  10. By default, a user authorization expires 180 days after the device was last used. When device authorization is enabled, you can disable zone authorization expiration by unchecking the expiration checkbox or change the number of days before expiration by typing the desired number of days.
  11. By default, user connections to a zone are not dropped when the connection is inactive. However, an inactivity timer can be set in the Inactivity timer area to end the connection after a set period of inactivity. The inactivity timer interval can be set from 3 minutes to 10 hours.
  12. Add the zone to a community as explained in Using End Point Control Restrictions in a Community.
