Configuring Device Binding on the ISA Web Console Using Automatic Device Registration Details
Device
Registration occurs when
Instasafe Secure Access (ISA) automatically captures certain device
identification details when an ISA User Agent
connects to the ISA Controller. The
information captured during Device Registration are:
- MAC Address of the physical network
adapter
- Operating System Name
- BIOS Serial Number
- Universally Unique Identifier (UUID)
The
above information is captured irrespective of whether the User Agent is able to
successfully connect to the ISA Controller.
Using
these parameters, it is possible to enforce Device Binding on users. Device
Binding will ensure that the users are allowed to make connections only
from those devices registered in the ISA web console. This will eliminate
attacks due to stolen or shared passwords. A user can be bound to multiple
devices.
In
addition to configuring Device Binding
using automatically captured parameters, the ISA web console allows admins to
register devices manually.
This
article describes the process of configuring Device Binding using automatic Device
Registration.
- Log into the ISA web console using admin
credentials
- Navigate to the DEVICES & CHECKS > DEVICES
page.
- The
information of automatically captured devices will be listed here. Each
device will be listed with their automatically created name. The name is
the concatenation of the username of the remote user, the string “device”,
and a number separated by underscores. The number represents the number of
devices this user has connected with. For example, the user Ruby has connected with one device,
an Ubuntu client. If the same user connects from a Windows client, a new
entry will be created and listed with an identical name but the number
increased to two. For the purpose of this article, we select the device profile name “ruby_device_1” and bind it to the user Ruby.
- When a user's device information is captured, the default status of the device is Pending Approval. Until the device is approved or activated, if the user or the user group has Device Binding enabled, the user will not be able to connect from the device. Click the name of the device. For updating the statuses of a large number of devices at once, refer to the KB article Performing Bulk Operation on Device List
- On the Device
Details window, click Activate
- On the pop-up window, click Yes, Activate it!.
- The device has been activated.
- Navigate to the USERS & GROUPS > Users
page.
- On this page, click on the name Ruby Kane
- In the edit user window, click on Edit.
- Scroll down
and toggle the Device Binding
button to enable it. Then click inside the Select devices box to list the device names. Select the device
name for the user. In this example, ruby_device_1.
- Click on Update at the bottom to save this configuration.
- A message at the bottom, User
has been updated, indicates the configuration has been updated.
Click on the “X” button to
close this window.
- Next,
we will test Device Binding by
connecting the user Ruby Kane from a
different device than the device the user is bound to.
Testing
In this example, we connect
the user Ruby Kane from an iOS
device.
- On the iOS device, login to the ISA web
console using the remote user’s credentials.
- Click on the iOS icon to download the ISA User Agent.
- From the Apps Store, download the ISA User Agent for iOS.
- In the User Agent app, enter the domain name assigned by InstaSafe and click Login
- In the authentication window, enter the username and password for the user. In this
example, the credentials for the user Ruby
Kane have been entered.
- Click Sign
In.
- The Agent will attempt to connect but will be blocked by the ISA Controller.
The user will see the message “Error! Device not authorized”
- On the
ISA web console, navigate to the DEVICES
& CHECKS > Devices page. On this page, although the User Agent was not
successful in connecting, the device information would have been captured and a
new device will be listed. In this
example, the information of the iOS device has been captured and a new device
with the name ruby_device_2 has been
created. The ISA web console
administrator may choose to add this device to the user’s Device Binding configuration.
In the event you are unable
to configure Device Binding by
following these steps, please contact your organization's IT Team
If you are an administrator
of the organization's ISA Account and need assistance, contact InstaSafe Support
Related Articles
Configuring Device Binding on the ISA Web Console Using Manual Device Registration Details (Windows Client)
This article describes the process of configuring Device Binding using manual Device Registration for a Microsoft Windows PC. One method of Device Registration occurs when Instasafe Secure Access (ISA) automatically captures certain device ...
Device Registration and Binding
Instasafe Secure Access automatically captures certain device identification details when the User Agent is installed on an end-point. Using these parameters, it is possible to enforce ‘Device Binding’ on particular users. This would ensure that ...
Configuring Geo Binding
This article describes the step-by-step method to configure Geo Binding on the ISA web console. Geo Binding helps ISA administrators to restrict the ISA User Agent connection to specific countries, thus further securing remote access to corporate ...
Configuring Microsoft Active Directory (AD) Integration on the ISA Web Console
Microsoft Active Directory (AD): Microsoft Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It provides authentication and authorization mechanisms, as well as a framework for organizing and managing ...
ISA Portal Certificate Warning
This Article highlights the steps to be taken in case SSL Certificate Warnings are noticed when trying to access the ISA Portal. Issue On trying to access the ISA Portal, warning messages like "Untrusted Certificate" and "There is a problem with this ...