Device Access Control

To guarantee that only trusted devices can access your cloud service and only from approved networks, you need to verify that users install the Coronet client on their devices.

The Coronet client monitors device and network vulnerabilities and gives you posture-based access control over your cloud service.
The client also provides an additional layer of user identification, as you can require that only users with corporate-activated devices can access your services.

The Device Access Control setting is located at the end of the settings section of each service (see the Connecting to cloud services guide).

Coronet provides you with several options to make sure your devices and access networks are monitored and protected:

  • If you would like only to advise your users to use the Coronet client, select “Notify the user via email to activate the Coronet app on their devices, but do not take any enforcement action”.
    Users of this service who do not have any device with the Coronet client installed and activated will be prompted by email to install the Coronet client on their devices.
  • If you would like to be more stringent and require users to install the Coronet client on at least one of their devices, select “Notify the user via email to activate the Coronet app on their devices and block the access to this service after 24hrs for users without activated Coronet app”.
    Users who do not have an active Coronet client (a client that has communicated with the Coronet server in the last 24 hours) will be prompted by email to install and activate a Coronet client, and will be blocked from accessing the cloud service.
    Only after the user has installed and activated a Coronet client and clicked the “Scan/Authenticate” button on the client to check the device and network posture will they get access to the cloud service.
  • An even stricter option is to make sure that every device that accesses your cloud services has the Coronet client installed. To achieve this, the Coronet client is added as an authentication factor in the cloud service sign-in flow.
    Depending on the cloud service's authentication architecture, you will be offered one or both of the following options:
    • “Enforce use of the Coronet app as an authentication factor by defining Coronet as an MFA in ADFS”.
      In this option the cloud service uses AD (via ADFS) as its User Directory and Identity Provider, and Coronet is added to the ADFS Multi-Factor Authentication flow.
      When your users log in to the service, in addition to the regular authentication mechanism (e.g. username and password), they will be required to authenticate their device by clicking the “Scan/Authenticate” button on the Coronet client application.
    • “Enforce use of the Coronet app as an authentication factor by defining Coronet as an IdP for this service”.
      In this option the cloud service is still used to manage the users, but their password-based and device-based authentication is done by Coronet, which serves as an Identity Provider (IdP) for this cloud service.
      When your users log in to the service, in addition to password authentication (managed in the Coronet SecureCloud MANAGE→Users console menu), they will be required to authenticate their device by clicking the “Scan/Authenticate” button on the Coronet client application.
  • If you select “Do not apply Device Access Control”, Coronet will still monitor service activity and allow mitigation actions based on abnormal service activity, but you and your users will have no visibility into vulnerable devices and hazardous networks, and you might expose your corporate cloud data to device-initiated and network-initiated attack vectors.
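The four options above differ in what they check at sign-in time: whether the user owns any activated client, whether that client has reported within the 24-hour window, whether the posture scan was completed, and (for the authentication-factor options) whether the device performing the sign-in is itself the one that authenticates. The following Python model is an added example written for this page; it is not Coronet's code or API, and the `Device`, `Decision`, `Mode` and `evaluate` names, the device records and the timestamps are all constructed for illustration.

```python
"""Hypothetical model of the Device Access Control enforcement modes.
Added illustration only; not Coronet's own code, API or data model."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional

# A client counts as "active" when it has reported to the server within this window
# (the 24-hour definition used by the block option).
ACTIVE_WINDOW = timedelta(hours=24)


class Mode(Enum):
    NONE = "do_not_apply"              # "Do not apply Device Access Control"
    NOTIFY = "notify_only"             # email the user, no enforcement
    NOTIFY_BLOCK = "notify_and_block"  # email, then block users with no active client
    AUTH_FACTOR = "auth_factor"        # Coronet as an MFA factor (ADFS) or as the IdP


@dataclass
class Device:
    device_id: str
    activated: bool                    # client installed and corporate-activated
    last_seen: Optional[datetime]      # last contact with the server, None if never
    scan_done: bool = False            # user pressed Scan/Authenticate and posture passed


@dataclass
class Decision:
    allow: bool
    notify: bool
    reason: str


def is_active(device: Device, now: datetime) -> bool:
    """Activated client that communicated with the server within the last 24 hours."""
    return (device.activated and device.last_seen is not None
            and now - device.last_seen <= ACTIVE_WINDOW)


def evaluate(mode: Mode, devices: list[Device], now: datetime,
             login_device: Optional[Device] = None) -> Decision:
    """Decide whether a sign-in is allowed and whether the user should be emailed."""
    if mode is Mode.NONE:
        return Decision(True, False, "device access control not applied; activity still monitored")

    active = [d for d in devices if is_active(d, now)]

    if mode is Mode.NOTIFY:
        if active:
            return Decision(True, False, "user has an active client")
        return Decision(True, True, "no active client; user emailed, access still allowed")

    if mode is Mode.NOTIFY_BLOCK:
        if any(d.scan_done for d in active):
            return Decision(True, False, "active client with completed Scan/Authenticate")
        if active:
            return Decision(False, False, "active client but Scan/Authenticate not yet clicked")
        return Decision(False, True, "no client active in last 24h; user emailed and blocked")

    # AUTH_FACTOR: the device performing this sign-in must itself authenticate,
    # regardless of what other devices the user owns.
    if login_device is None or not login_device.activated:
        return Decision(False, False, "login device has no activated client")
    if not login_device.scan_done:
        return Decision(False, False, "Scan/Authenticate not completed on login device")
    return Decision(True, False, "device authenticated as an additional factor")


# Constructed sample data: one user, a fresh laptop, a stale phone and an unmanaged kiosk.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
LAPTOP = Device("laptop", activated=True, last_seen=NOW - timedelta(hours=2), scan_done=True)
OLD_PHONE = Device("phone", activated=True, last_seen=NOW - timedelta(days=3))
UNMANAGED = Device("kiosk", activated=False, last_seen=None)


def demo() -> dict[str, Decision]:
    """Evaluate each mode against the sample devices so the outcomes can be compared."""
    return {
        "none": evaluate(Mode.NONE, [UNMANAGED], NOW),
        "notify_missing": evaluate(Mode.NOTIFY, [UNMANAGED], NOW),
        "block_stale": evaluate(Mode.NOTIFY_BLOCK, [OLD_PHONE], NOW),
        "block_ok": evaluate(Mode.NOTIFY_BLOCK, [OLD_PHONE, LAPTOP], NOW),
        "factor_unmanaged": evaluate(Mode.AUTH_FACTOR, [LAPTOP, UNMANAGED], NOW, login_device=UNMANAGED),
        "factor_ok": evaluate(Mode.AUTH_FACTOR, [LAPTOP], NOW, login_device=LAPTOP),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:18} allow={decision.allow!s:5} notify={decision.notify!s:5} {decision.reason}")
```

The point the model makes visible is the gap between the block option and the authentication-factor options: in the block option a user with one healthy laptop is allowed in from any device, including the unmanaged kiosk, because the check is per user; in the authentication-factor options the kiosk is refused because the check is per device at sign-in.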